Windows Analysis Report
c56uoWlDXp.exe

Overview

General Information

Sample name: c56uoWlDXp.exe
renamed because original name is a hash value
Original sample name: 216b100a2e23f120c05f482784c1de75.exe
Analysis ID: 1575127
MD5: 216b100a2e23f120c05f482784c1de75
SHA1: 9c7345cb8a81d8796bdb437e5014784b541ff281
SHA256: f4a0b416ca3a94c02563ed3df67d4f8546870662759eb5ae664e6c29a3031afd
Tags: exe, user-abuse_ch

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to infect the boot sector
Hides threads from debuggers
Queries Google from non browser process on port 80
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • c56uoWlDXp.exe (PID: 7048 cmdline: "C:\Users\user\Desktop\c56uoWlDXp.exe" MD5: 216B100A2E23F120C05F482784C1DE75)
    • c56uoWlDXp.exe (PID: 7132 cmdline: "C:\Users\user\Desktop\c56uoWlDXp.exe" MD5: 216B100A2E23F120C05F482784C1DE75)
      • cmd.exe (PID: 7156 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: c56uoWlDXp.exe ReversingLabs: Detection: 39%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 98.2% probability
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 2_2_70A380F0 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,2_2_70A380F0
Source: c56uoWlDXp.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344785112.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344868966.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: c56uoWlDXp.exe, 00000000.00000003.2343354197.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2611572431.00007FFE8FFEB000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344286753.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: c56uoWlDXp.exe, 00000002.00000002.2610571916.00007FFE78608000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: c56uoWlDXp.exe, 00000000.00000003.2341612264.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2612552098.00007FFE90585000.00000002.00000001.01000000.0000001A.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb source: c56uoWlDXp.exe, 00000002.00000002.2610988499.00007FFE8F400000.00000002.00000001.01000000.00000019.sdmp, pywintypes310.dll.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: c56uoWlDXp.exe, 00000002.00000002.2608169554.00007FFE760E0000.00000002.00000001.01000000.0000000E.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: c56uoWlDXp.exe, 00000000.00000003.2341423778.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2615102269.00007FFE99FC1000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-2-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344621345.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: c56uoWlDXp.exe, 00000002.00000002.2614262104.00007FFE957E0000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: c56uoWlDXp.exe, 00000000.00000003.2343235797.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2613306792.00007FFE90B66000.00000002.00000001.01000000.00000011.sdmp, _hashlib.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb!! source: c56uoWlDXp.exe, 00000002.00000002.2610799960.00007FFE8D543000.00000002.00000001.01000000.0000001B.sdmp, win32api.pyd.0.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2345053485.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344698163.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344536235.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb source: c56uoWlDXp.exe, 00000002.00000002.2610799960.00007FFE8D543000.00000002.00000001.01000000.0000001B.sdmp, win32api.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: c56uoWlDXp.exe, 00000000.00000003.2343354197.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2611572431.00007FFE8FFEB000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: c56uoWlDXp.exe, 00000000.00000003.2342200040.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2611953384.00007FFE904ED000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344003047.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2613844699.00007FFE94448000.00000002.00000001.01000000.0000000A.sdmp, _socket.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32event.pdb source: c56uoWlDXp.exe, 00000000.00000003.2357031748.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2613519664.00007FFE92CA5000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2345053485.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: c56uoWlDXp.exe, 00000000.00000003.2356393121.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344536235.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: c56uoWlDXp.exe, 00000002.00000002.2610087770.00007FFE784D6000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: ucrtbase.pdbOGPS source: c56uoWlDXp.exe, 00000002.00000002.2610571916.00007FFE78608000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344286753.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: c56uoWlDXp.exe, 00000002.00000002.2608169554.00007FFE760E0000.00000002.00000001.01000000.0000000E.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344379546.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344959919.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: c56uoWlDXp.exe, 00000002.00000002.2608169554.00007FFE76162000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344458951.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344785112.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: c56uoWlDXp.exe, 00000002.00000002.2610087770.00007FFE784D6000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344379546.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: c56uoWlDXp.exe, 00000000.00000003.2355150837.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2614902470.00007FFE99E53000.00000002.00000001.01000000.0000000B.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-2-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344621345.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344698163.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: c56uoWlDXp.exe, 00000002.00000002.2608734154.00007FFE7652F000.00000002.00000001.01000000.00000005.sdmp, python310.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: c56uoWlDXp.exe, 00000000.00000003.2343912638.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2614569789.00007FFE99DB3000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb** source: c56uoWlDXp.exe, 00000002.00000002.2610988499.00007FFE8F400000.00000002.00000001.01000000.00000019.sdmp, pywintypes310.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344868966.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344458951.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: c56uoWlDXp.exe, 00000000.00000003.2352269284.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2601869322.000001C181F80000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344959919.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: c56uoWlDXp.exe, 00000002.00000002.2613006146.00007FFE9059D000.00000002.00000001.01000000.0000000D.sdmp, _ssl.pyd.0.dr
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 0_2_00007FF6AB5483B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6AB5483B0
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 0_2_00007FF6AB5492F0 FindFirstFileExW,FindClose,0_2_00007FF6AB5492F0
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 0_2_00007FF6AB5618E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6AB5618E4
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 2_2_00007FF6AB5492F0 FindFirstFileExW,FindClose,2_2_00007FF6AB5492F0
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 2_2_00007FF6AB5483B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF6AB5483B0
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 2_2_00007FF6AB5618E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6AB5618E4
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 4x nop then push rbp 2_2_70A2BD40

Networking

Source: C:\Users\user\Desktop\c56uoWlDXp.exe HTTP traffic: GET / HTTP/1.1 Host: www.google.com User-Agent: python-requests/2.32.2 Accept-Encoding: gzip, deflate, br Accept: */* Connection: keep-alive
Source: Joe Sandbox View IP Address: 20.233.83.145 20.233.83.145
Source: Joe Sandbox View IP Address: 185.199.111.133 185.199.111.133
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Sat, 14 Dec 2024 13:08:51 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-6-P6v93A1ZL2f68DHaYPLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Encoding: gzip Server: gws Content-Length: 8240 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: AEC=AZ6Zc-UJZbUteq6Md1J7_BwSLu1lhLflfBwEntN8vULRnhWa1g_lHEiTedA; expires=Thu, 12-Jun-2025 13:08:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=520=TyHzdsV5jNMz3YfXbHl3iv4UNDmQZxB_g20FEOriB3Z4OeR-4rGS4cZGh3v5HBDHUpAMsZt8M7R6QbKgxmBGY-eHjmIggCQHK7G73QqNo3G_SZ-sjEZrqVQHQAmj3j8O7QfcEcz7Eb3ZFdLIa46zqJIcH08pwieF6B3XKNYPk8RcrK1yGFkcia-vJ0n3HPzBfiIbtL2epg; expires=Sun, 15-Jun-2025 13:08:51 GMT; path=/; domain=.google.com; HttpOnly
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: www.google.com User-Agent: python-requests/2.32.2 Accept-Encoding: gzip, deflate, br Accept: */* Connection: keep-alive
Source: c56uoWlDXp.exe, 00000002.00000003.2588476714.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2605662044.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ">Play</a> <a class=gb1 href="https://www.youtube.com/?tab=w1">YouTube</a> <a class=gb1 href="https://news.google.com/?tab=wn">News</a> <a class=gb1 href="https://mail.google.com/mail/?tab=wm">Gmail</a> <a class=gb1 href="https://drive.google.com/?tab=wo">Drive</a> <a class=gb1 style="text-decoration:none" href="https://www.google.com/intl/en/about/products?tab=wh"><u>More</u> &raquo;</a></nobr></div><div id=guser width=100%><nobr><span id=gbn class=gbi></span><span id=gbf class=gbf></span><span id=gbe></span><a href="http://www.g equals www.youtube.com (Youtube)
Source: c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: })();</script><div id="mngb"><div id=gbar><nobr><b class=gb1>Search</b> <a class=gb1 href="https://www.google.com/imghp?hl=en&tab=wi">Images</a> <a class=gb1 href="http://maps.google.com/maps?hl=en&tab=wl">Maps</a> <a class=gb1 href="https://play.google.com/?hl=en&tab=w8">Play</a> <a class=gb1 href="https://www.youtube.com/?tab=w1">YouTube</a> <a class=gb1 href="https://news.google.com/?tab=wn">News</a> <a class=gb1 href="https://mail.google.com/mail/?tab=wm">Gmail</a> <a class=gb1 href="https://drive.google.com/?tab=wo">Drive</a> <a class=gb1 style="text-decoration:none" href="https://www.google.com/intl/en/about/products?tab=wh"><u>More</u> &raquo;</a></nobr></div><div id=guser width=100%><nobr><span id=gbn class=gbi></span><span id=gbf class=gbf></span><span id=gbe></span><a href="http://www.google.com/history/optout?hl=en" class=gb4>Web History</a> | <a href="/preferences?hl=en" class=gb4>Settings</a> | <a target=_top id=gb_70 href="https://accounts.google.com/ServiceLogin?hl=en&passive=true&continue=http://www.google.com/&ec=GAZAAQ" class=gb4>Sign in</a></nobr></div><div class=gbh style=left:0></div><div class=gbh style=right:0></div></div><center><br clear="all" id="lgpd"><div id="XjhHGf"><img alt="Seasonal Holid equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic DNS traffic detected: DNS query: github.com
Source: c56uoWlDXp.exe, 00000002.00000002.2605172373.000001C184830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
Source: c56uoWlDXp.exe, 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp, _brotli.cp310-win_amd64.pyd.0.drString found in binary or memory: http://.css
Source: c56uoWlDXp.exe, 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp, _brotli.cp310-win_amd64.pyd.0.drString found in binary or memory: http://.jpg
Source: c56uoWlDXp.exe, 00000000.00000003.2343235797.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.co
Source: c56uoWlDXp.exe, 00000000.00000003.2351853643.0000023F872C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: c56uoWlDXp.exe, 00000000.00000003.2344142240.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342528787.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2350868410.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343912638.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2356393121.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343235797.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2352012515.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343354197.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2344003047.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2355150837.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2353909599.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342200040.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342974759.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2350868410.0000023F872D1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2352269284.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: c56uoWlDXp.exe, 00000000.00000003.2351853643.0000023F872C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: c56uoWlDXp.exe, 00000000.00000003.2344142240.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342528787.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2350868410.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343912638.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2356393121.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343235797.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2352012515.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343354197.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2344003047.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2355150837.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2353909599.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342200040.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342974759.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2350868410.0000023F872D1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2352269284.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: c56uoWlDXp.exe, 00000000.00000003.2344142240.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342528787.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2350868410.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343912638.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2356393121.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343235797.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2352012515.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343354197.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2344003047.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2355150837.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2353909599.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342200040.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342974759.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2352269284.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: c56uoWlDXp.exe, 00000000.00000003.2344142240.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342528787.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2350868410.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343912638.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2356393121.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343235797.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2352012515.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2343354197.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2344003047.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2355150837.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2353909599.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342200040.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2342974759.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2352269284.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: c56uoWlDXp.exe, 00000002.00000003.2593145212.000001C184008000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593831163.000001C18400B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: c56uoWlDXp.exe, 00000002.00000003.2589827406.000001C184AC5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589285544.000001C184AC1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589085975.000001C184A53000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589152476.000001C184A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: c56uoWlDXp.exeString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: c56uoWlDXp.exe, 00000002.00000002.2604150196.000001C184315000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2603584784.000001C1841E0000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2599343511.000001C1840C1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592666963.000001C1842FC000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593748501.000001C184314000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593430788.000001C1840BF000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588948240.000001C1840AA000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588493405.000001C18409F000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588305534.000001C184055000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591414591.000001C1842F9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2603225877.000001C1840C1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2380836240.000001C1842E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com
Source: c56uoWlDXp.exe, 00000002.00000002.2606350564.000001C184F68000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/
Source: c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/history/optout?hl=en
Source: c56uoWlDXp.exe, 00000002.00000003.2593960232.000001C1843B7000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590348019.000001C18438C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382822722.000001C184384000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593083512.000001C1843B4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592129290.000001C1843AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: c56uoWlDXp.exe, 00000002.00000003.2589654938.000001C18498C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2605404233.000001C18498D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cpsfullnamer
Source: c56uoWlDXp.exe, 00000002.00000003.2598711181.000001C1844D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1844D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592380737.000001C1844D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588571768.000001C1844D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2604800651.000001C1844D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2599740643.000001C1844D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?hl=en&passive=true&continue=http://www.google.com/&ec=GAZAA
Source: _cffi_backend.cp310-win_amd64.pyd.0.drString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io
Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
Source: c56uoWlDXp.exe, 00000002.00000002.2606350564.000001C184E90000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2605172373.000001C184830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/other-hp
Source: c56uoWlDXp.exe, 00000002.00000002.2605172373.000001C184830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/other-hp0
Source: c56uoWlDXp.exeString found in binary or memory: https://d.symcb.com/cps0%
Source: c56uoWlDXp.exeString found in binary or memory: https://d.symcb.com/rpa0
Source: c56uoWlDXp.exeString found in binary or memory: https://d.symcb.com/rpa0.
Source: c56uoWlDXp.exe, 00000002.00000002.2602300217.000001C183830000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: c56uoWlDXp.exe, 00000002.00000002.2602300217.000001C1838BC000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: c56uoWlDXp.exe, 00000002.00000002.2602300217.000001C183830000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: c56uoWlDXp.exe, 00000002.00000002.2602300217.000001C1838BC000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: c56uoWlDXp.exe, 00000002.00000002.2602300217.000001C1838BC000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: c56uoWlDXp.exe, 00000002.00000002.2602300217.000001C1838BC000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: c56uoWlDXp.exe, 00000002.00000002.2602300217.000001C183830000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: c56uoWlDXp.exe, 00000002.00000002.2602300217.000001C1838BC000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: c56uoWlDXp.exe, 00000002.00000003.2592903930.000001C182017000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591652572.000001C18200A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2602093439.000001C18201A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588990088.000001C181FF4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589325038.000001C184A65000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589085975.000001C184A53000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589370408.000001C184A72000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2605073255.000001C184700000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589305214.000001C184A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?tab=wo
Source: c56uoWlDXp.exe, 00000002.00000002.2603389187.000001C1840E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2597135503.000001C184357000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382729668.000001C1849BE000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588425435.000001C1849BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: c56uoWlDXp.exe, 00000002.00000002.2606350564.000001C184F48000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2602493132.000001C183C80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ShevaSvinobaron/saygex/raw/refs/heads/main/static/img/posts/brg/tiktok.mp4
Source: c56uoWlDXp.exe, 00000002.00000002.2604150196.000001C184315000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2599343511.000001C1840C1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592666963.000001C1842FC000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593748501.000001C184314000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593430788.000001C1840BF000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588948240.000001C1840AA000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588493405.000001C18409F000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588305534.000001C184055000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591414591.000001C1842F9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2603225877.000001C1840C1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2380836240.000001C1842E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ShevaSvinobaron/saygex/raw/refs/heads/main/static/img/posts/brg/tiktok.mp4i
Source: c56uoWlDXp.exe, 00000002.00000003.2592903930.000001C182017000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591652572.000001C18200A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2602093439.000001C18201A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588990088.000001C181FF4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: c56uoWlDXp.exe, c56uoWlDXp.exe, 00000002.00000002.2611039389.00007FFE8F411000.00000002.00000001.01000000.00000019.sdmp, c56uoWlDXp.exe, 00000002.00000002.2613564054.00007FFE92CA9000.00000002.00000001.01000000.00000018.sdmp, c56uoWlDXp.exe, 00000002.00000002.2610848056.00007FFE8D551000.00000002.00000001.01000000.0000001B.sdmp, win32api.pyd.0.dr, pywintypes310.dll.0.drString found in binary or memory: https://github.com/mhammond/pywin32
Source: c56uoWlDXp.exe, 00000002.00000002.2606350564.000001C184E90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: c56uoWlDXp.exe, 00000002.00000002.2602300217.000001C1838BC000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364292082.000001C182072000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: c56uoWlDXp.exe, 00000002.00000003.2592903930.000001C182017000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591652572.000001C18200A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2602093439.000001C18201A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588990088.000001C181FF4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: c56uoWlDXp.exe, 00000002.00000003.2592903930.000001C182017000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591652572.000001C18200A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2602093439.000001C18201A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588990088.000001C181FF4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: c56uoWlDXp.exe, 00000002.00000002.2603389187.000001C1840E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590348019.000001C18438C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382822722.000001C184384000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592486380.000001C1843CE000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592129290.000001C1843AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: c56uoWlDXp.exe, 00000002.00000002.2604975858.000001C184600000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: c56uoWlDXp.exe, 00000002.00000002.2604975858.000001C184600000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920b
Source: c56uoWlDXp.exe, 00000002.00000002.2605172373.000001C184830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590348019.000001C18438C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591572043.000001C1843D2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382822722.000001C184384000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588305534.000001C184055000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2604713420.000001C1843CB000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592486380.000001C1843D4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382729668.000001C1849BE000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593083512.000001C1843B4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2596098329.000001C184406000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593637206.000001C1843CA000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592129290.000001C1843AD000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588425435.000001C1849BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590348019.000001C18438C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591572043.000001C1843D2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382822722.000001C184384000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2604713420.000001C1843CB000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592486380.000001C1843D4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593083512.000001C1843B4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2596098329.000001C184406000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593637206.000001C1843CA000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592129290.000001C1843AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: c56uoWlDXp.exe, 00000002.00000003.2591928678.000001C184037000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592825895.000001C184321000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2599019987.000001C184344000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2597958022.000001C18432F000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591414591.000001C1842F9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592666963.000001C18431E000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591727368.000001C18431B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: c56uoWlDXp.exe, 00000002.00000003.2588425435.000001C1849BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: c56uoWlDXp.exe, 00000002.00000002.2604975858.000001C184600000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2597702297.000001C18499C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: c56uoWlDXp.exe, 00000002.00000003.2593769041.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592825895.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2597273168.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2380836240.000001C184348000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592069701.000001C184349000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2380548254.000001C184345000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591414591.000001C1842F9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591727368.000001C18431B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: c56uoWlDXp.exe, 00000002.00000003.2588305534.000001C184055000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591414591.000001C1842F9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592666963.000001C18431E000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591727368.000001C18431B000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591235449.000001C18408C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588627316.000001C18408A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: c56uoWlDXp.exe, 00000002.00000003.2590765564.000001C1844D6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1844D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593452929.000001C1844DD000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588571768.000001C1844D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591032117.000001C1844D9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592380737.000001C1844DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=wm
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://news.google.com/?tab=wn
Source: c56uoWlDXp.exe, 00000002.00000002.2604975858.000001C184600000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2605073255.000001C184700000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: c56uoWlDXp.exe, 00000002.00000003.2588476714.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2605662044.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://play.google.com/?hl=e
Source: c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://play.google.com/?hl=en&tab=w8
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
Source: c56uoWlDXp.exe, 00000002.00000002.2608734154.00007FFE7652F000.00000002.00000001.01000000.00000005.sdmp, python310.dll.0.drString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: c56uoWlDXp.exe, 00000002.00000002.2603584784.000001C1841E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/beznogym/beznogy/refs/heads/main/tiktok.txt
Source: c56uoWlDXp.exe, 00000002.00000002.2604150196.000001C184315000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2599343511.000001C1840C1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592666963.000001C1842FC000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593748501.000001C184314000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593430788.000001C1840BF000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588948240.000001C1840AA000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588493405.000001C18409F000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588305534.000001C184055000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591414591.000001C1842F9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2603225877.000001C1840C1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2380836240.000001C1842E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/beznogym/beznogy/refs/heads/main/tiktok.txtz
Source: c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: c56uoWlDXp.exe, 00000002.00000002.2606350564.000001C184E90000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593769041.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592825895.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2597273168.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2380836240.000001C184348000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592069701.000001C184349000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2380548254.000001C184345000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591414591.000001C1842F9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591727368.000001C18431B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: c56uoWlDXp.exeString found in binary or memory: https://sectigo.com/CPS0
Source: c56uoWlDXp.exe, 00000002.00000003.2592753698.000001C184038000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591928678.000001C184037000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: c56uoWlDXp.exe, 00000002.00000003.2588305534.000001C184055000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382729668.000001C1849BE000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588425435.000001C1849BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: c56uoWlDXp.exe, 00000002.00000002.2603584784.000001C1841E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: c56uoWlDXp.exe, 00000002.00000002.2603584784.000001C1841E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyPz&
Source: c56uoWlDXp.exe, 00000002.00000002.2604975858.000001C184600000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: c56uoWlDXp.exe, 00000000.00000003.2347556466.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
Source: c56uoWlDXp.exe, 00000000.00000003.2346959012.0000023F872D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2347556466.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000000.00000003.2347628483.0000023F872D3000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: c56uoWlDXp.exe, 00000000.00000003.2351853643.0000023F872C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&tab=wi
Source: c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=wh
Source: c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/logos/doodles/2024/seasonal-holidays-2024-6753651837110333-2xa.gif
Source: c56uoWlDXp.exe, 00000000.00000003.2352012515.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2608425746.00007FFE761D9000.00000002.00000001.01000000.0000000E.sdmp, c56uoWlDXp.exe, 00000002.00000002.2610216526.00007FFE7850B000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: c56uoWlDXp.exe, 00000002.00000003.2593769041.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592825895.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2597273168.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2380836240.000001C184348000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592069701.000001C184349000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2380548254.000001C184345000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591414591.000001C1842F9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591727368.000001C18431B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: c56uoWlDXp.exe, 00000002.00000003.2590765564.000001C1844D6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1844D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593452929.000001C1844DD000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588571768.000001C1844D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591032117.000001C1844D9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592380737.000001C1844DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: c56uoWlDXp.exe, 00000000.00000003.2345235121.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2603584784.000001C1841E0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: c56uoWlDXp.exe, 00000002.00000002.2602300217.000001C183830000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: c56uoWlDXp.exe, 00000002.00000003.2592753698.000001C184035000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?tab=w1
Source: c56uoWlDXp.exe, 00000002.00000003.2590234991.000001C184AB4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589827406.000001C184A99000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589085975.000001C184A53000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589152476.000001C184A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: c56uoWlDXp.exe, 00000002.00000003.2589827406.000001C184AC5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589285544.000001C184AC1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589085975.000001C184A53000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589152476.000001C184A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590348019.000001C18438C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591572043.000001C1843D2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382822722.000001C184384000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2604713420.000001C1843CB000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592486380.000001C1843D4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593083512.000001C1843B4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2596098329.000001C184406000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593637206.000001C1843CA000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592129290.000001C1843AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 2_2_70A70C90 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,2_2_70A70C90
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 2_2_70A22B90: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy,2_2_70A22B90
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: String function: 00007FFE75E92739 appears 153 times
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: String function: 70A96730 appears 31 times
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: String function: 00007FF6AB542910 appears 34 times
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: String function: 00007FFE75E9405C appears 234 times
Source: c56uoWlDXp.exeStatic PE information: invalid certificate
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _pytransform.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: api-ms-win-core-timezone-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.drStatic PE information: No import functions for PE file found
Source: python3.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.drStatic PE information: No import functions for PE file found
Source: c56uoWlDXp.exe, 00000000.00000003.2344142240.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2355000164.0000023F872C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes310.dll0 vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2356792029.0000023F872C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2342528787.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2343912638.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2344379546.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2356393121.0000023F872C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2344458951.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2355423083.0000023F872D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2345053485.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2343235797.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2341612264.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2352012515.0000023F872C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2357031748.0000023F872C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32event.pyd0 vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2343354197.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2344003047.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2357031748.0000023F872D2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32event.pyd0 vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2355150837.0000023F872C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2344536235.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000002.2619010897.0000023F872D2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32event.pyd0 vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2344698163.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2342200040.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2344286753.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2344868966.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2342974759.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2344785112.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2352269284.0000023F872C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2344959919.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2341423778.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000000.00000003.2344621345.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exeBinary or memory string: OriginalFilename vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2612743511.00007FFE90589000.00000002.00000001.01000000.0000001A.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2608425746.00007FFE761D9000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2610216526.00007FFE7850B000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamelibsslH vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2601869322.000001C181F80000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2609597047.00007FFE76638000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamepython310.dll. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2614959285.00007FFE99E56000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2612149463.00007FFE904F2000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2613378463.00007FFE90B6E000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2615267567.00007FFE99FC7000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2610700824.00007FFE78658000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2614364096.00007FFE957ED000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2607302537.00007FFE75DB1000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2611039389.00007FFE8F411000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: OriginalFilenamepywintypes310.dll0 vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2613136620.00007FFE905B5000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2613564054.00007FFE92CA9000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: OriginalFilenamewin32event.pyd0 vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2613949823.00007FFE94452000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2614668019.00007FFE99DB6000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2611744995.00007FFE8FFF4000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs c56uoWlDXp.exe
Source: c56uoWlDXp.exe, 00000002.00000002.2610848056.00007FFE8D551000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs c56uoWlDXp.exe
Source: classification engineClassification label: mal64.evad.winEXE@6/46@3/3
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_70A224D0 GetLastError,FormatMessageA,LocalFree,2_2_70A224D0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7164:120:WilError_03
Source: C:\Users\user\Desktop\c56uoWlDXp.exeMutant created: \Sessions\1\BaseNamedObjects\Global\kvartiravaneyaet
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482Jump to behavior
Source: c56uoWlDXp.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\c56uoWlDXp.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: c56uoWlDXp.exeReversingLabs: Detection: 39%
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile read: C:\Users\user\Desktop\c56uoWlDXp.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\c56uoWlDXp.exe "C:\Users\user\Desktop\c56uoWlDXp.exe"
Source: C:\Users\user\Desktop\c56uoWlDXp.exeProcess created: C:\Users\user\Desktop\c56uoWlDXp.exe "C:\Users\user\Desktop\c56uoWlDXp.exe"
Source: C:\Users\user\Desktop\c56uoWlDXp.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\c56uoWlDXp.exeProcess created: C:\Users\user\Desktop\c56uoWlDXp.exe "C:\Users\user\Desktop\c56uoWlDXp.exe"Jump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: libffi-7.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: libcrypto-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: libssl-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: pywintypes310.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile opened: C:\Users\user\Desktop\pyvenv.cfgJump to behavior
Source: c56uoWlDXp.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: c56uoWlDXp.exeStatic file information: File size 11426164 > 1048576
Source: c56uoWlDXp.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: c56uoWlDXp.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: c56uoWlDXp.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: c56uoWlDXp.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: c56uoWlDXp.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: c56uoWlDXp.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: c56uoWlDXp.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: c56uoWlDXp.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344785112.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344868966.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: c56uoWlDXp.exe, 00000000.00000003.2343354197.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2611572431.00007FFE8FFEB000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344286753.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: c56uoWlDXp.exe, 00000002.00000002.2610571916.00007FFE78608000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: c56uoWlDXp.exe, 00000000.00000003.2341612264.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2612552098.00007FFE90585000.00000002.00000001.01000000.0000001A.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb source: c56uoWlDXp.exe, 00000002.00000002.2610988499.00007FFE8F400000.00000002.00000001.01000000.00000019.sdmp, pywintypes310.dll.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: c56uoWlDXp.exe, 00000002.00000002.2608169554.00007FFE760E0000.00000002.00000001.01000000.0000000E.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: c56uoWlDXp.exe, 00000000.00000003.2341423778.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2615102269.00007FFE99FC1000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-2-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344621345.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: c56uoWlDXp.exe, 00000002.00000002.2614262104.00007FFE957E0000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: c56uoWlDXp.exe, 00000000.00000003.2343235797.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2613306792.00007FFE90B66000.00000002.00000001.01000000.00000011.sdmp, _hashlib.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb!! source: c56uoWlDXp.exe, 00000002.00000002.2610799960.00007FFE8D543000.00000002.00000001.01000000.0000001B.sdmp, win32api.pyd.0.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2345053485.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344698163.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344536235.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32api.pdb source: c56uoWlDXp.exe, 00000002.00000002.2610799960.00007FFE8D543000.00000002.00000001.01000000.0000001B.sdmp, win32api.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: c56uoWlDXp.exe, 00000000.00000003.2343354197.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2611572431.00007FFE8FFEB000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: c56uoWlDXp.exe, 00000000.00000003.2342200040.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2611953384.00007FFE904ED000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344003047.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2613844699.00007FFE94448000.00000002.00000001.01000000.0000000A.sdmp, _socket.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\win32event.pdb source: c56uoWlDXp.exe, 00000000.00000003.2357031748.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2613519664.00007FFE92CA5000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2345053485.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: c56uoWlDXp.exe, 00000000.00000003.2356393121.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344536235.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: c56uoWlDXp.exe, 00000002.00000002.2610087770.00007FFE784D6000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: ucrtbase.pdbOGPS source: c56uoWlDXp.exe, 00000002.00000002.2610571916.00007FFE78608000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344286753.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: c56uoWlDXp.exe, 00000002.00000002.2608169554.00007FFE760E0000.00000002.00000001.01000000.0000000E.sdmp, libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344379546.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344959919.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: c56uoWlDXp.exe, 00000002.00000002.2608169554.00007FFE76162000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344458951.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344785112.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: c56uoWlDXp.exe, 00000002.00000002.2610087770.00007FFE784D6000.00000002.00000001.01000000.0000000F.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344379546.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: c56uoWlDXp.exe, 00000000.00000003.2355150837.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2614902470.00007FFE99E53000.00000002.00000001.01000000.0000000B.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-2-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344621345.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344698163.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: c56uoWlDXp.exe, 00000002.00000002.2608734154.00007FFE7652F000.00000002.00000001.01000000.00000005.sdmp, python310.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: c56uoWlDXp.exe, 00000000.00000003.2343912638.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2614569789.00007FFE99DB3000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-310\Release\pywintypes.pdb** source: c56uoWlDXp.exe, 00000002.00000002.2610988499.00007FFE8F400000.00000002.00000001.01000000.00000019.sdmp, pywintypes310.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344868966.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: c56uoWlDXp.exe, 00000000.00000003.2344458951.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: c56uoWlDXp.exe, 00000000.00000003.2352269284.0000023F872C5000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2601869322.000001C181F80000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: c56uoWlDXp.exe, 00000000.00000003.2344959919.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: c56uoWlDXp.exe, 00000002.00000002.2613006146.00007FFE9059D000.00000002.00000001.01000000.0000000D.sdmp, _ssl.pyd.0.dr
Source: c56uoWlDXp.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: c56uoWlDXp.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: c56uoWlDXp.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: c56uoWlDXp.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: c56uoWlDXp.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-core-file-l1-2-0.dll.0.drStatic PE information: 0xA4BAB144 [Mon Jul 30 06:01:40 2057 UTC]
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_70A70C90 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,2_2_70A70C90
Source: pywintypes310.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x26a6c
Source: md__mypyc.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x2bdb3
Source: win32api.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x272b8
Source: _rust.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x78b1a6
Source: _pytransform.dll.0.drStatic PE information: real checksum: 0x125b11 should be: 0x1202f4
Source: md.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x12854
Source: _cffi_backend.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x3108a
Source: win32event.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xe713
Source: _brotli.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xd0a91
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: _pytransform.dll.0.drStatic PE information: section name: .xdata
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: python310.dll.0.drStatic PE information: section name: PyRuntim
Source: ucrtbase.dll.0.drStatic PE information: section name: fothk
Source: ucrtbase.dll.0.drStatic PE information: section name: .fptable

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d2_2_70A22B90
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d2_2_70A227E0
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\_brotli.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-sysinfo-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32\pywintypes310.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\_pytransform.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\ucrtbase.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\select.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\_cffi_backend.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\win32\win32event.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI70482\VCRUNTIME140_1.dllJump to dropped file

Boot Survival

Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d2_2_70A22B90
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d2_2_70A227E0
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 0_2_00007FF6AB545820 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF6AB545820
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\_brotli.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-sysinfo-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\_pytransform.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\select.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\_cffi_backend.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI70482\win32\win32event.pydJump to dropped file
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17244
Source: C:\Users\user\Desktop\c56uoWlDXp.exeAPI coverage: 3.3 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 0_2_00007FF6AB5483B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6AB5483B0
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 0_2_00007FF6AB5492F0 FindFirstFileExW,FindClose,0_2_00007FF6AB5492F0
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 0_2_00007FF6AB5618E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6AB5618E4
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_00007FF6AB5492F0 FindFirstFileExW,FindClose,2_2_00007FF6AB5492F0
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_00007FF6AB5483B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF6AB5483B0
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_00007FF6AB5618E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6AB5618E4
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_70A06A70 GetSystemInfo,VirtualAlloc,VirtualAlloc,2_2_70A06A70
Source: c56uoWlDXp.exe, 00000000.00000003.2345799144.0000023F872C2000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: c56uoWlDXp.exe, 00000002.00000002.2602736677.000001C18403A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592753698.000001C184038000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591928678.000001C184037000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Source: C:\Users\user\Desktop\c56uoWlDXp.exeThread information set: HideFromDebuggerJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 0_2_00007FF6AB54D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6AB54D19C
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_70A70C90 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,2_2_70A70C90
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 0_2_00007FF6AB5634F0 GetProcessHeap,0_2_00007FF6AB5634F0
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 0_2_00007FF6AB54D37C SetUnhandledExceptionFilter,0_2_00007FF6AB54D37C
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 0_2_00007FF6AB54D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6AB54D19C
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 0_2_00007FF6AB54C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6AB54C910
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 0_2_00007FF6AB55A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6AB55A684
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_70A95380 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,2_2_70A95380
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_00007FF6AB54D37C SetUnhandledExceptionFilter,2_2_00007FF6AB54D37C
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_00007FF6AB54D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6AB54D19C
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_00007FF6AB54C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF6AB54C910
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_00007FF6AB55A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6AB55A684
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_00007FFE75CA3028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE75CA3028
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_00007FFE75CA2A60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE75CA2A60
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_00007FFE75E14050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE75E14050
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 2_2_00007FFE75E95A24 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE75E95A24
Source: C:\Users\user\Desktop\c56uoWlDXp.exeProcess created: C:\Users\user\Desktop\c56uoWlDXp.exe "C:\Users\user\Desktop\c56uoWlDXp.exe"Jump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeCode function: 0_2_00007FF6AB5695E0 cpuid 0_2_00007FF6AB5695E0
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\cryptography-43.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\cryptography-43.0.1.dist-info\license_files VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\ucrtbase.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\_ctypes.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-file-l1-2-0.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-localization-l1-2-0.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-processthreads-l1-1-1.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-locale-l1-1-0.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-string-l1-1-0.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\python310.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\_brotli.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer\md.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer\md__mypyc.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\unicodedata.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exeQueries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Queries volume information: C:\Users\user\Desktop\c56uoWlDXp.exe VolumeInformation
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\certifi VolumeInformation
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482 VolumeInformation
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\certifi\cacert.pem VolumeInformation
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32 VolumeInformation
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32\win32event.pyd VolumeInformation
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI70482\win32\win32api.pyd VolumeInformation
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 0_2_00007FF6AB54D080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6AB54D080
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 0_2_00007FF6AB565C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6AB565C70
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Code function: 2_2_70A70CFC GetVersion,GetCurrentThread,2_2_70A70CFC
Source: C:\Users\user\Desktop\c56uoWlDXp.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Native API (2) | Bootkit (1) | Process Injection (11) | Virtualization/Sandbox Evasion (1) | OS Credential Dumping | System Time Discovery (2) | Remote Services | Archive Collected Data (1) | Encrypted Channel (22) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | DLL Side-Loading (1) | DLL Side-Loading (1) | Process Injection (11) | LSASS Memory | Security Software Discovery (121) | Remote Desktop Protocol | Data from Removable Media | Ingress Tool Transfer (2) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information (1) | Security Account Manager | Virtualization/Sandbox Evasion (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Non-Application Layer Protocol (3) | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Obfuscated Files or Information (2) | NTDS | File and Directory Discovery (1) | Distributed Component Object Model | Input Capture | Application Layer Protocol (4) | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Bootkit (1) | LSA Secrets | System Information Discovery (25) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Timestomp (1) | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | DLL Side-Loading (1) | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| c56uoWlDXp.exe | 39% | ReversingLabs | Win64.Trojan.Znyonm | |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI70482\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\VCRUNTIME140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\_brotli.cp310-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\_cffi_backend.cp310-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\_pytransform.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-sysinfo-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-locale-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-runtime-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-string-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\api-ms-win-crt-time-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer\md.cp310-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\charset_normalizer\md__mypyc.cp310-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\libcrypto-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\libffi-7.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\libssl-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\python3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\python310.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\pywin32_system32\pywintypes310.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\ucrtbase.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\unicodedata.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\win32\win32api.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI70482\win32\win32event.pyd | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://repository.swisssign.com/d | 0% | Avira URL Cloud | safe | |
| http://ocsp.sectigo.com0$ | 0% | Avira URL Cloud | safe | |
| https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyPz& | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| github.com | 20.233.83.145 | true | false | | high |
| raw.githubusercontent.com | 185.199.111.133 | true | false | | high |
| www.google.com | 172.217.19.228 | true | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                      high
                                                                                                      http://www.cert.fnmt.es/dpcs/c56uoWlDXp.exe, 00000002.00000003.2589152476.000001C184A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://google.com/mailc56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590348019.000001C18438C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591572043.000001C1843D2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382822722.000001C184384000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2604713420.000001C1843CB000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592486380.000001C1843D4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593083512.000001C1843B4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2596098329.000001C184406000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593637206.000001C1843CA000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592129290.000001C1843AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://packaging.python.org/specifications/entry-points/c56uoWlDXp.exe, 00000002.00000002.2604975858.000001C184600000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2605073255.000001C184700000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://www.accv.es00c56uoWlDXp.exe, 00000002.00000002.2605745013.000001C184A81000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590019448.000001C184A7D000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589827406.000001C184A8C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589354468.000001C184A88000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589265491.000001C184A78000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589085975.000001C184A53000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyc56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
                                                                                                                  high
                                                                                                                  https://readthedocs.org/projects/cryptography/badge/?version=latestc56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                    high
                                                                                                                    https://foss.heptapod.net/pypy/pypy/-/issues/3539c56uoWlDXp.exe, 00000002.00000002.2603389187.000001C1840E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590348019.000001C18438C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382822722.000001C184384000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592486380.000001C1843CE000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592129290.000001C1843AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://google.com/c56uoWlDXp.exe, 00000002.00000003.2593960232.000001C1843B7000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590348019.000001C18438C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382822722.000001C184384000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2604571373.000001C1843B8000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593083512.000001C1843B4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592129290.000001C1843AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://html4/loose.dtdc56uoWlDXp.exe, 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp, _brotli.cp310-win_amd64.pyd.0.drfalse
                                                                                                                            high
                                                                                                                            https://mahler:8092/site-updates.pyc56uoWlDXp.exe, 00000002.00000003.2590765564.000001C1844D6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1844D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593452929.000001C1844DD000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588571768.000001C1844D3000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591032117.000001C1844D9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592380737.000001C1844DA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.google.com/intl/en/about/products?tab=whc56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://crl.securetrust.com/SGCA.crlc56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589085975.000001C184A53000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590019448.000001C184A5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://ocsp.sectigo.com0c56uoWlDXp.exefalse
                                                                                                                                    high
                                                                                                                                    http://.../back.jpegc56uoWlDXp.exe, 00000002.00000002.2605172373.000001C184830000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://github.com/pyca/cryptographyc56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                        high
                                                                                                                                        https://www.python.org/download/releases/2.3/mro/.c56uoWlDXp.exe, 00000002.00000002.2602300217.000001C183830000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://cryptography.io/METADATA.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://csp.withgoogle.com/csp/gws/other-hpc56uoWlDXp.exe, 00000002.00000002.2606350564.000001C184E90000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2605172373.000001C184830000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://httpbin.org/postc56uoWlDXp.exe, 00000002.00000003.2593769041.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592825895.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2597273168.000001C18434A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2380836240.000001C184348000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592069701.000001C184349000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2380548254.000001C184345000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591414591.000001C1842F9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591727368.000001C18431B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_sourcec56uoWlDXp.exe, 00000002.00000002.2602300217.000001C183830000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://github.com/pyca/cryptography/c56uoWlDXp.exe, 00000000.00000003.2346409490.0000023F872C8000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://github.com/Ousret/charset_normalizerc56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2597135503.000001C184357000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382729668.000001C1849BE000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588425435.000001C1849BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.firmaprofesional.com/cps0c56uoWlDXp.exe, 00000002.00000003.2589827406.000001C184A99000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593145212.000001C184008000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593831163.000001C18400B000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590443119.000001C184AA7000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2599491106.000001C18400D000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589085975.000001C184A53000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2602599513.000001C18400E000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589152476.000001C184A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specc56uoWlDXp.exe, 00000002.00000002.2602300217.000001C1838BC000.00000004.00001000.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#c56uoWlDXp.exefalse
                                                                                                                                                            high
                                                                                                                                                            https://github.com/urllib3/urllib3/issues/2920c56uoWlDXp.exe, 00000002.00000002.2604975858.000001C184600000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://.cssc56uoWlDXp.exe, 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp, _brotli.cp310-win_amd64.pyd.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                http://crl.securetrust.com/SGCA.crl0c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_datac56uoWlDXp.exe, 00000002.00000003.2592903930.000001C182017000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591652572.000001C18200A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2602093439.000001C18201A000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2588990088.000001C181FF4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2364245435.000001C182076000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://yahoo.com/c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590348019.000001C18438C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591572043.000001C1843D2000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382822722.000001C184384000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2604713420.000001C1843CB000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592486380.000001C1843D4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593083512.000001C1843B4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2596098329.000001C184406000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593637206.000001C1843CA000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592129290.000001C1843AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://crl.securetrust.com/STCA.crl0c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://schema.org/WebPagec56uoWlDXp.exe, 00000002.00000003.2588476714.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2605662044.000001C184A41000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A41000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6c56uoWlDXp.exe, 00000002.00000003.2593960232.000001C1843B7000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589690235.000001C184356000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590348019.000001C18438C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2382822722.000001C184384000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589475356.000001C184354000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2593083512.000001C1843B4000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592129290.000001C1843AD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://cacerts.digicert.coc56uoWlDXp.exe, 00000000.00000003.2343235797.0000023F872C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://crl.securetrust.com/SGCA.crlMc56uoWlDXp.exe, 00000002.00000003.2588355396.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2587792676.000001C184A4C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2589085975.000001C184A53000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2590019448.000001C184A5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://crl.thawte.com/ThawteTimestampingCA.crl0c56uoWlDXp.exe, 00000000.00000003.2351853643.0000023F872C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://html.spec.whatwg.org/multipage/c56uoWlDXp.exe, 00000002.00000003.2382506828.000001C1842F6000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592825895.000001C184321000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2599019987.000001C184344000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2597958022.000001C18432F000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591414591.000001C1842F9000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2592666963.000001C18431E000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591276507.000001C1842F1000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000003.2591727368.000001C18431B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://www.quovadisglobal.com/cps0c56uoWlDXp.exe, 00000002.00000003.2589654938.000001C18498C000.00000004.00000020.00020000.00000000.sdmp, c56uoWlDXp.exe, 00000002.00000002.2605404233.000001C18498D000.00000004.00000020.00020000.00000000.sdmpfalse
IP               Domain                     Country        ASN    ASN Name                       Malicious
172.217.19.228   www.google.com             United States  15169  GOOGLEUS                       false
20.233.83.145    github.com                 United States  8075   MICROSOFT-CORP-MSN-AS-BLOCKUS  false
185.199.111.133  raw.githubusercontent.com  Netherlands    54113  FASTLYUS                       false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575127
Start date and time: 2024-12-14 14:07:47 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 33s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: c56uoWlDXp.exe
renamed because original name is a hash value
Original Sample Name: 216b100a2e23f120c05f482784c1de75.exe
Detection: MAL
Classification: mal64.evad.winEXE@6/46@3/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 83%
• Number of executed functions: 82
• Number of non-executed functions: 173
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: c56uoWlDXp.exe
No simulations
                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          20.233.83.145Y5kEUsYDFr.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • github.com/keygroup777-Ransomware/DOWNLOADER/raw/refs/heads/main/telefron.exe
                                                                                                                                                                                                          185.199.111.133cr_asm2.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                                                          cr_asm_crypter.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                                                          cr_asm_hiddenz.ps1Get hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                          • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                                                          BeginSync lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          raw.githubusercontent.comgjvU5KOFhX.exeGet hashmaliciousDiscord Token Stealer, Millenuim RATBrowse
                                                                                                                                                                                                          • 185.199.110.133
                                                                                                                                                                                                          svhost.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 185.199.111.133
                                                                                                                                                                                                          hvqc3lk7ly.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                                                                                                          • 185.199.111.133
                                                                                                                                                                                                          j87MOFviv4.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          DvGZE4FU02.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          j3z5kxxt52.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          zpbiw0htk6.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 185.199.110.133
                                                                                                                                                                                                          file.exeGet hashmaliciousDiscord Token Stealer, Millenuim RATBrowse
                                                                                                                                                                                                          • 185.199.111.133
                                                                                                                                                                                                          WXahq3ZEss.lnkGet hashmaliciousDucktailBrowse
                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                          https://github.com/Matty77o/malware-samples-m-h/blob/main/TheTrueFriend.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 185.199.109.133
                                                                                                                                                                                                          github.comzpbiw0htk6.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 185.199.110.133
                                                                                                                                                                                                          in.exeGet hashmaliciousBabadeda, HTMLPhisherBrowse
                                                                                                                                                                                                          • 20.233.83.145
                                                                                                                                                                                                          https://feji.us/m266heGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 20.233.83.145
                                                                                                                                                                                                          PixelFlasher.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 20.233.83.145
                                                                                                                                                                                                          https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 20.233.83.145
                                                                                                                                                                                                          Downloader.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 20.233.83.145
                                                                                                                                                                                                          dYUteuvmHn.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 20.233.83.145
                                                                                                                                                                                                          Dfim58cp4J.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                          • 20.233.83.145
                                                                                                                                                                                                          interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                                                                                                          • 20.233.83.145
                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\_MEI70482\VCRUNTIME140.dll
• Filename: interior-design-villa-a23.lnk, Detection: malicious, Threat Name: MalLnk
• Filename: run.cmd, Detection: malicious, Threat Name: Unknown
• Filename: zW72x5d91l.bat, Detection: malicious, Threat Name: Unknown
• Filename: AB05_WRK_BLD01_2024-11-27_20_05_35.381.zip, Detection: malicious, Threat Name: Unknown
• Filename: based.exe, Detection: malicious, Threat Name: DCRat, PureLog Stealer, Xmrig, zgRAT
• Filename: grass.exe, Detection: malicious, Threat Name: Unknown
• Filename: grass.exe, Detection: malicious, Threat Name: Unknown
• Filename: Mutant spaceship.exe, Detection: malicious, Threat Name: Unknown
• Filename: Mutant spaceship.exe, Detection: malicious, Threat Name: Unknown
• Filename: Mage Alteration.exe, Detection: malicious, Threat Name: Unknown
C:\Users\user\AppData\Local\Temp\_MEI70482\VCRUNTIME140_1.dll
• Filename: interior-design-villa-a23.lnk, Detection: malicious, Threat Name: MalLnk
• Filename: run.cmd, Detection: malicious, Threat Name: Unknown
• Filename: zW72x5d91l.bat, Detection: malicious, Threat Name: Unknown
• Filename: based.exe, Detection: malicious, Threat Name: DCRat, PureLog Stealer, Xmrig, zgRAT
• Filename: https://github.com/thonny/thonny/releases/download/v4.1.6/thonny-4.1.6.exe, Detection: malicious, Threat Name: Unknown
• Filename: crss.exe, Detection: malicious, Threat Name: Unknown
• Filename: BB.bat, Detection: malicious, Threat Name: Braodo
• Filename: LtzEfymDs1.exe, Detection: malicious, Threat Name: Unknown
• Filename: Bypass Apk.exe, Detection: malicious, Threat Name: Unknown
• Filename: Bypass Apk.exe, Detection: malicious, Threat Name: Unknown
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):98224
                                                                                                                                                                                                                                                  Entropy (8bit):6.452201564717313
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
                                                                                                                                                                                                                                                  MD5:F34EB034AA4A9735218686590CBA2E8B
                                                                                                                                                                                                                                                  SHA1:2BC20ACDCB201676B77A66FA7EC6B53FA2644713
                                                                                                                                                                                                                                                  SHA-256:9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
                                                                                                                                                                                                                                                  SHA-512:D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                  • Filename: interior-design-villa-a23.lnk, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: run.cmd, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: zW72x5d91l.bat, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: AB05_WRK_BLD01_2024-11-27_20_05_35.381.zip, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: based.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: grass.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: grass.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: Mutant spaceship.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: Mutant spaceship.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: Mage Alteration.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):37256
                                                                                                                                                                                                                                                  Entropy (8bit):6.297533243519742
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:5hnvMCmWEKhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+Xf0+uncS7IO5WrCKWU/tQ0g:YCm5KhUcwrHY/ntTxT6ov07b4SwY1zl
                                                                                                                                                                                                                                                  MD5:135359D350F72AD4BF716B764D39E749
                                                                                                                                                                                                                                                  SHA1:2E59D9BBCCE356F0FECE56C9C4917A5CACEC63D7
                                                                                                                                                                                                                                                  SHA-256:34048ABAA070ECC13B318CEA31425F4CA3EDD133D350318AC65259E6058C8B32
                                                                                                                                                                                                                                                  SHA-512:CF23513D63AB2192C78CAE98BD3FEA67D933212B630BE111FA7E03BE3E92AF38E247EB2D3804437FD0FDA70FDC87916CD24CF1D3911E9F3BFB2CC4AB72B459BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                  • Filename: interior-design-villa-a23.lnk, Detection: malicious
                                                                                                                                                                                                                                                  • Filename: run.cmd, Detection: malicious
                                                                                                                                                                                                                                                  • Filename: zW72x5d91l.bat, Detection: malicious
                                                                                                                                                                                                                                                  • Filename: based.exe, Detection: malicious
                                                                                                                                                                                                                                                  • Filename: , Detection: malicious
                                                                                                                                                                                                                                                  • Filename: crss.exe, Detection: malicious
                                                                                                                                                                                                                                                  • Filename: BB.bat, Detection: malicious
                                                                                                                                                                                                                                                  • Filename: LtzEfymDs1.exe, Detection: malicious
                                                                                                                                                                                                                                                  • Filename: Bypass Apk.exe, Detection: malicious
                                                                                                                                                                                                                                                  • Filename: Bypass Apk.exe, Detection: malicious
                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):820736
                                                                                                                                                                                                                                                  Entropy (8bit):6.056282443190043
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:tY0Uu7wLsglBv4i5DGAqXMAHhlyL82XTw05nmZfRFo:tp0NA1tAmZfR
                                                                                                                                                                                                                                                  MD5:EE3D454883556A68920CAAEDEFBC1F83
                                                                                                                                                                                                                                                  SHA1:45B4D62A6E7DB022E52C6159EEF17E9D58BEC858
                                                                                                                                                                                                                                                  SHA-256:791E7195D7DF47A21466868F3D7386CFF13F16C51FCD0350BF4028E96278DFF1
                                                                                                                                                                                                                                                  SHA-512:E404ADF831076D27680CC38D3879AF660A96AFC8B8E22FFD01647248C601F3C6C4585D7D7DC6BBD187660595F6A48F504792106869D329AA1A0F3707D7F777C6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):83736
                                                                                                                                                                                                                                                  Entropy (8bit):6.595094797707322
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:hXOz78ZqjUyAsIi7W/5+D8W35mjZm35ILCVM7SyfYPxe:pOzwpyAFi7WMgW34jZm35ILCVMZoxe
                                                                                                                                                                                                                                                  MD5:86D1B2A9070CD7D52124126A357FF067
                                                                                                                                                                                                                                                  SHA1:18E30446FE51CED706F62C3544A8C8FDC08DE503
                                                                                                                                                                                                                                                  SHA-256:62173A8FADD4BF4DD71AB89EA718754AA31620244372F0C5BBBAE102E641A60E
                                                                                                                                                                                                                                                  SHA-512:7DB4B7E0C518A02AE901F4B24E3860122ACC67E38E73F98F993FE99EB20BB3AA539DB1ED40E63D6021861B54F34A5F5A364907FFD7DA182ADEA68BBDD5C2B535
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):178176
                                                                                                                                                                                                                                                  Entropy (8bit):6.160618368535074
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:a28mc0wlApJaPh2dEVWkS0EDejc2zSTBcS7EkSTLkKDtJbtb:axTlApohBV1S0usWchkSTLLDDt
                                                                                                                                                                                                                                                  MD5:2BAAA98B744915339AE6C016B17C3763
                                                                                                                                                                                                                                                  SHA1:483C11673B73698F20CA2FF0748628C789B4DC68
                                                                                                                                                                                                                                                  SHA-256:4F1CE205C2BE986C9D38B951B6BCB6045EB363E06DACC069A41941F80BE9068C
                                                                                                                                                                                                                                                  SHA-512:2AE8DF6E764C0813A4C9F7AC5A08E045B44DAAC551E8FF5F8AA83286BE96AA0714D373B8D58E6D3AA4B821786A919505B74F118013D9FCD1EBC5A9E4876C2B5F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):123672
                                                                                                                                                                                                                                                  Entropy (8bit):6.047035801914277
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:0OEESRiaiH6lU1vxqfrId0sx3gVILLPykxA:hj+I1vAfrIRx3gN
                                                                                                                                                                                                                                                  MD5:1635A0C5A72DF5AE64072CBB0065AEBE
                                                                                                                                                                                                                                                  SHA1:C975865208B3369E71E3464BBCC87B65718B2B1F
                                                                                                                                                                                                                                                  SHA-256:1EA3DD3DF393FA9B27BF6595BE4AC859064CD8EF9908A12378A6021BBA1CB177
                                                                                                                                                                                                                                                  SHA-512:6E34346EA8A0AACC29CCD480035DA66E280830A7F3D220FD2F12D4CFA3E1C03955D58C0B95C2674AEA698A36A1B674325D3588483505874C2CE018135320FF99
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):254744
                                                                                                                                                                                                                                                  Entropy (8bit):6.564308911485739
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:3LT2sto29vTlN5cdIKdo4/3VaV8FlBa9qWMa3pLW1A/T8O51j4iab9M:H2s/9vTlPcdk4vVtFU98iIu
                                                                                                                                                                                                                                                  MD5:20C77203DDF9FF2FF96D6D11DEA2EDCF
                                                                                                                                                                                                                                                  SHA1:0D660B8D1161E72C993C6E2AB0292A409F6379A5
                                                                                                                                                                                                                                                  SHA-256:9AAC010A424C757C434C460C3C0A6515D7720966AB64BAD667539282A17B4133
                                                                                                                                                                                                                                                  SHA-512:2B24346ECE2CBD1E9472A0E70768A8B4A5D2C12B3D83934F22EBDC9392D9023DCB44D2322ADA9EDBE2EB0E2C01B5742D2A83FA57CA23054080909EC6EB7CF3CA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):64792
                                                                                                                                                                                                                                                  Entropy (8bit):6.223467179037751
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:/smKJPganCspF1dqZAC2QjP2RILOIld7SyEPxDF:/smKpgNoF1dqZDnjP2RILOIv2xB
                                                                                                                                                                                                                                                  MD5:D4674750C732F0DB4C4DD6A83A9124FE
                                                                                                                                                                                                                                                  SHA1:FD8D76817ABC847BB8359A7C268ACADA9D26BFD5
                                                                                                                                                                                                                                                  SHA-256:CAA4D2F8795E9A55E128409CC016E2CC5C694CB026D7058FC561E4DD131ED1C9
                                                                                                                                                                                                                                                  SHA-512:97D57CFB80DD9DD822F2F30F836E13A52F771EE8485BC0FD29236882970F6BFBDFAAC3F2E333BBA5C25C20255E8C0F5AD82D8BC8A6B6E2F7A07EA94A9149C81E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):158488
                                                                                                                                                                                                                                                  Entropy (8bit):6.8491143497239655
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:j0k3SXjD9aWpAn3rb7SbuDlvNgS4fWqEznfo9mNoFTSlXZ8Ax5ILZ1GIxq:j0kiXjD9v8X7Euk4wYOFTafxn
                                                                                                                                                                                                                                                  MD5:7447EFD8D71E8A1929BE0FAC722B42DC
                                                                                                                                                                                                                                                  SHA1:6080C1B84C2DCBF03DCC2D95306615FF5FCE49A6
                                                                                                                                                                                                                                                  SHA-256:60793C8592193CFBD00FD3E5263BE4315D650BA4F9E4FDA9C45A10642FD998BE
                                                                                                                                                                                                                                                  SHA-512:C6295D45ED6C4F7534C1A38D47DDC55FEA8B9F62BBDC0743E4D22E8AD0484984F8AB077B73E683D0A92D11BF6588A1AE395456CFA57DA94BB2A6C4A1B07984DE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1165824
                                                                                                                                                                                                                                                  Entropy (8bit):7.056438123589778
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:LsZDXB6wmcZzdcZ7fUoPHUEXLznTBenIGHSQt:QZDXB6wmcUfTQHHt
                                                                                                                                                                                                                                                  MD5:23376A4DF02C2BB0B770930449355ACB
                                                                                                                                                                                                                                                  SHA1:05878E4A25B07C74B03EE9C2396E15E9933F1C98
                                                                                                                                                                                                                                                  SHA-256:E999F10F53A09DDD5C6E05AD8BD3635C43D1035EB70AFD32463875A1AEF030CD
                                                                                                                                                                                                                                                  SHA-512:B7A96E6FA0744201E54EDF748FB89ED243834B3569867222857A1C03C30F485EA4FAFF4901CCA57F699353771FB7F053A2AFE1E6FD2C3687B0073A3E9ED9602D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):31512
                                                                                                                                                                                                                                                  Entropy (8bit):6.563116725717513
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:bxrUGCpa6rIxdK/rAwVILQU85YiSyvz5PxWEaAc:trUZIzYrAwVILQUG7SydPxDc
                                                                                                                                                                                                                                                  MD5:D8C1B81BBC125B6AD1F48A172181336E
                                                                                                                                                                                                                                                  SHA1:3FF1D8DCEC04CE16E97E12263B9233FBF982340C
                                                                                                                                                                                                                                                  SHA-256:925F05255F4AAE0997DC4EC94D900FD15950FD840685D5B8AA755427C7422B14
                                                                                                                                                                                                                                                  SHA-512:CCC9F0D3ACA66729832F26BE12F8E7021834BBEE1F4A45DA9451B1AA5C2E63126C0031D223AF57CF71FAD2C85860782A56D78D8339B35720194DF139076E0772
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):79128
                                                                                                                                                                                                                                                  Entropy (8bit):6.284790077237953
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:ZmtvsXhgzrojAs9/s+S+pGLypbyxk/DDTBVILLwX7SyiPx9:c56OzyAs9/sT+pGLypb+k/XFVILLwX4f
                                                                                                                                                                                                                                                  MD5:819166054FEC07EFCD1062F13C2147EE
                                                                                                                                                                                                                                                  SHA1:93868EBCD6E013FDA9CD96D8065A1D70A66A2A26
                                                                                                                                                                                                                                                  SHA-256:E6DEB751039CD5424A139708475CE83F9C042D43E650765A716CB4A924B07E4F
                                                                                                                                                                                                                                                  SHA-512:DA3A440C94CB99B8AF7D2BC8F8F0631AE9C112BD04BADF200EDBF7EA0C48D012843B4A9FB9F1E6D3A9674FD3D4EB6F0FA78FD1121FAD1F01F3B981028538B666
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):160536
                                                                                                                                                                                                                                                  Entropy (8bit):6.027748879187965
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:OwYiZ+PtocHnVXhLlasuvMETxoEBA+nbUtGnBSonJCNI5ILC7Gax1:FYk+PtocHVxx/uvPCEwhGJ
                                                                                                                                                                                                                                                  MD5:7910FB2AF40E81BEE211182CFFEC0A06
                                                                                                                                                                                                                                                  SHA1:251482ED44840B3C75426DD8E3280059D2CA06C6
                                                                                                                                                                                                                                                  SHA-256:D2A7999E234E33828888AD455BAA6AB101D90323579ABC1095B8C42F0F723B6F
                                                                                                                                                                                                                                                  SHA-512:BFE6506FEB27A592FE9CF1DB7D567D0D07F148EF1A2C969F1E4F7F29740C6BB8CCF946131E65FE5AA8EDE371686C272B0860BD4C0C223195AAA1A44F59301B27
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21944
                                                                                                                                                                                                                                                  Entropy (8bit):4.581849560446579
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:zgxmWZhWNWEXCVWQ4iWs8kDoSJj+iX01k9z3ATa78z:zYmWZhWaLDX+iR9zYa78z
                                                                                                                                                                                                                                                  MD5:ABF632072CBD888AF8043DE027C13C2F
                                                                                                                                                                                                                                                  SHA1:ADF3AA8223919979133A04A0D395C518644D8147
                                                                                                                                                                                                                                                  SHA-256:586A57874C6F3B58C809D9362EACE143319AF655E46D58552F8D5B077953E019
                                                                                                                                                                                                                                                  SHA-512:350F6DDB128B70CDF0C46778CD8F87DB0BCAFEAFAE4C4A6F70489015C72D5F2D71E0C69F24EFE8EA3630076E6F212BB984C128F70ED4A3678E745FC112DA55B6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22056
                                                                                                                                                                                                                                                  Entropy (8bit):5.34844131908972
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:rnaOMw3zdp3bwjGzue9/0jCRrndb5WZhWth4kXC4deR9zZj7yu:uOMwBprwjGzue9/0jCRrndbkE4kXC4dq
                                                                                                                                                                                                                                                  MD5:F9653F362C597CA64C309D5B0F817D6D
                                                                                                                                                                                                                                                  SHA1:692FDE89E166B64EDFF6CF75663D4232415467A2
                                                                                                                                                                                                                                                  SHA-256:70FB4062A84F05B4DBBB045EC853A12D0C664ECCB5327799EBC9054864157C97
                                                                                                                                                                                                                                                  SHA-512:93BAA401E0138FB02C2616B5B37648DE8BF8F9B80545B41B87E99E6A637B93955BA5062338F2CFA623CA0A46C61CEAC608A8FE674B944BFD5566F226A258590F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21960
                                                                                                                                                                                                                                                  Entropy (8bit):4.763828925346509
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:skDfIeeWZhWsWJWadJCsVWQ4iWZOCjVi6KrIX01k9z3A5khU16h:skDfIeeWZhWZCsaO49R9z+v1M
                                                                                                                                                                                                                                                  MD5:8E9C0B07748F80F641BA733FCF4651DB
                                                                                                                                                                                                                                                  SHA1:7F607C71BA1037FA1127DBD0DB5EEC378C68B6AB
                                                                                                                                                                                                                                                  SHA-256:4112FC58D1226581A5F8020B80C1EE8FFA97143E1FC22605E851EC3C8B14CA1E
                                                                                                                                                                                                                                                  SHA-512:E9E7B97B9DF8AC2FC4CE666305E506F93494F3A1F1B20D9DFCEE4C6274232436D48731B93AB69F49754D3AB8C063F2DB67BF05B99CB6FE23FBB3CE195F2F5131
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22056
                                                                                                                                                                                                                                                  Entropy (8bit):4.818952934718112
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:BtZ3rWZhWTWEXCVWQ4KWJekXC4dlgX01k9z3AIj7UKq:BtZ3rWZhWoyekXC4deR9zZj7Ub
                                                                                                                                                                                                                                                  MD5:C71A4D5E21D8DBCDFD8B5B51DD39A11B
                                                                                                                                                                                                                                                  SHA1:5F8D6C8D489AE1FF402A7C427778F02E40A9E26D
                                                                                                                                                                                                                                                  SHA-256:82044337A6B2418B134082994ADBE19E90CA34AA2922ECD02ABA5F3FB333E21D
                                                                                                                                                                                                                                                  SHA-512:ECE43643758A011BC9142A4F51B451B9E52B5EAC45D872BD5B119B3C9A4B94F62868A87EDCDDFFDF7CEB2B8649552616512C91A791417C3817D5426A08061A6C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22056
                                                                                                                                                                                                                                                  Entropy (8bit):4.686928587985354
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:yULWZhWyWEXCVWQ4KWws5KDUX01k9z3AmaSJbb:yULWZhWl4pR9zX7Jf
                                                                                                                                                                                                                                                  MD5:832B66CE3058C7CBFD6CD4CB65EDA0B3
                                                                                                                                                                                                                                                  SHA1:0AD1097050FB0299191ED90E3BE2C598086DC458
                                                                                                                                                                                                                                                  SHA-256:67CE3872DBEA18929A87DD6CF06E8CF5198AAB8FAA0EAD47C2E1D94772E74EAF
                                                                                                                                                                                                                                                  SHA-512:CE74E7F811AB33D41E3F8C93ED87DA551B1B87D50DC5AA21E319658EC67303281ABECAFAC21AFF622ACC64E3E4EBEBBBD5178BB95C92ADACB6D394F1734B2FB9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21944
                                                                                                                                                                                                                                                  Entropy (8bit):4.787944006568791
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ShmnWZhWYWEXCVWQ4iW6lhH+KIjwX01k9z3AQqyqNz:SAWZhWzzH3HR9z3sJ
                                                                                                                                                                                                                                                  MD5:D01D284DEC356919871971777646192F
                                                                                                                                                                                                                                                  SHA1:BD9BA031E3E5508B827CEEFFA5E99B21A4BEC594
                                                                                                                                                                                                                                                  SHA-256:AFC2303DA14E6935F3A12AD58A191E429BD6E8793B6E19D6A7E1E381AB458E2D
                                                                                                                                                                                                                                                  SHA-512:CADBB40D24EBA046985BC5B5C3F026DA118AE4EBA0EB42887C4695A0AEC50A2221CD4722E3D156C26DA467B839BC8FFA1DF674089B7CCD11A6BA69B9B0DCB2ED
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22072
                                                                                                                                                                                                                                                  Entropy (8bit):4.809615671462726
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:1DWZhWJQWJWadJCsVWQ4KWvsxwVIX01k9z3A2rRDJOP2:NWZhWHCsseR9zLdIu
                                                                                                                                                                                                                                                  MD5:13AF76256F5D2E440E2D78EF3D927C36
                                                                                                                                                                                                                                                  SHA1:CC0B0DB94A20258B9B9533592F4B906AEE001447
                                                                                                                                                                                                                                                  SHA-256:F2FE68D3130784E19B2D7CA2E78AAEF78D9E4727502587DA3D7210FD84B93A34
                                                                                                                                                                                                                                                  SHA-512:337DA49785C85CC7538BE95BFD74BB85D2CB4410002B40CD529C7721E49E47C49D6D324C5A6F4BDA6A4827555499D5927E6F8B9FC9C03C8BC6923B14B01DE2F7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26168
                                                                                                                                                                                                                                                  Entropy (8bit):5.011801564375424
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:HmGqX8mPrpJhhf4AN5/KixWZhWgWJWadJCsVWQ4KW8Y00pyEuX01k9z3A2pCaCI+:Hysyr7PWZhWtCsJEpcR9zjpCQU
                                                                                                                                                                                                                                                  MD5:46A31948BCF00252DE817BB3986F9850
                                                                                                                                                                                                                                                  SHA1:B2C0770FAD55CD42072B5BE4A9CC63D84BB29CCB
                                                                                                                                                                                                                                                  SHA-256:93EA58134F44DF4149FE01D2A944AF0452681AFBA3502DF53D4DE4B371D5F093
                                                                                                                                                                                                                                                  SHA-512:A7963416D8BC063C4143B0E486A2A373D4B843E75A98E73D3317F31005D63E1900298655CC411DE8EB514B403284E1E313BD1C26C99C8D5C57BE961C61F76B71
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26040
                                                                                                                                                                                                                                                  Entropy (8bit):5.258102701200734
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:1CV5yguNvZ5VQgx3SbwA71IkFhvmoQ9z/:y5yguNvZ5VQgx3SbwA71IyvmVz/
                                                                                                                                                                                                                                                  MD5:D10843B7DF0D4FA6E121F147BAD52AD8
                                                                                                                                                                                                                                                  SHA1:FCDAF4E2B1F930D450F8F280BB034590C5BCC620
                                                                                                                                                                                                                                                  SHA-256:2C8F6F45B591EDE7EE9B59646F7A32707987B2F6A914F81183F4F632B04D7E5B
                                                                                                                                                                                                                                                  SHA-512:326C3A3F5EAA66ADA76067A01273DC89387B265D9ECEC9683A4A9D90B93E6204CCDC2F447085FE6DD23DAE7190D62B6415199ECD576807F7FD69E53AD8BC3DC3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22056
                                                                                                                                                                                                                                                  Entropy (8bit):5.230969410392918
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:LlhwDiWZhWfWEXCVWQ4KWLSIfKUSIX01k9z3Ar9Ph6Gn:dWZhW0K32IR9zCFj
                                                                                                                                                                                                                                                  MD5:C33E6189C276BACA5EFDC5BC2E407463
                                                                                                                                                                                                                                                  SHA1:B76774F04AF13D1C65624812F2E41E2703964855
                                                                                                                                                                                                                                                  SHA-256:1D50E5E97AF403DF6B87FCDE0686DC4D4664AC865FA110C6BFECC13ED08A68DE
                                                                                                                                                                                                                                                  SHA-512:37AF28B0CE68D1D99CEA7EF198603FEA048A641714464432101655E097CE708B3F59185106182DBD13EB7FCA7CE6B4CB246626C01061F2591941A097082F1D7D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):880569
                                                                                                                                                                                                                                                  Entropy (8bit):5.682987069160234
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:cgYJu4KXWyBC6SqIEa8A4a2YM2xdOVwx/fpEmertSLMNP:cgYJiVBnLa27TVwx/fpEme+MNP
                                                                                                                                                                                                                                                  MD5:5FB921FC61B847FEB5EA296D57897853
                                                                                                                                                                                                                                                  SHA1:C18C3C506E5CF3866653B1BC451206F6FA26FE15
                                                                                                                                                                                                                                                  SHA-256:EED10F829462FD73C44BEE36E4C08AFFC585DAF3135725ECA11F658E56F6687F
                                                                                                                                                                                                                                                  SHA-512:DF7AF5FDB75CB5F261A247FDF93CC1E37E4C97334F82336FC5626372FFA3D1C9E55F1903E498E1CE0261622B7FECFEA0A11D35815764193C727D01ACA9C53D5B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):299427
                                                                                                                                                                                                                                                  Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                                  MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                                  SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                                  SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                                  SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                  Entropy (8bit):4.675182011095312
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:FL8Khp72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFaiHrmHcX6g8cim1qeSC:Zj2HzzU2bRYoe4Hmcqgvimoe
                                                                                                                                                                                                                                                  MD5:F33CA57D413E6B5313272FA54DBC8BAA
                                                                                                                                                                                                                                                  SHA1:4E0CABE7D38FE8D649A0A497ED18D4D1CA5F4C44
                                                                                                                                                                                                                                                  SHA-256:9B3D70922DCFAEB02812AFA9030A40433B9D2B58BCF088781F9AB68A74D20664
                                                                                                                                                                                                                                                  SHA-512:F17C06F4202B6EDBB66660D68FF938D4F75B411F9FAB48636C3575E42ABAAB6464D66CB57BCE7F84E8E2B5755B6EF757A820A50C13DD5F85FAA63CD553D3FF32
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):120320
                                                                                                                                                                                                                                                  Entropy (8bit):5.879886869577473
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:YKBCiXU2SBEUemE+OaOb3OEOz0fEDrF9pQKhN:YJZ2zOfdQKX
                                                                                                                                                                                                                                                  MD5:494F5B9ADC1CFB7FDB919C9B1AF346E1
                                                                                                                                                                                                                                                  SHA1:4A5FDDD47812D19948585390F76D5435C4220E6B
                                                                                                                                                                                                                                                  SHA-256:AD9BCC0DE6815516DFDE91BB2E477F8FB5F099D7F5511D0F54B50FA77B721051
                                                                                                                                                                                                                                                  SHA-512:2C0D68DA196075EA30D97B5FD853C673E28949DF2B6BF005AE72FD8B60A0C036F18103C5DE662CAC63BAAEF740B65B4ED2394FCD2E6DA4DFCFBEEF5B64DAB794
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:pip.
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5440
                                                                                                                                                                                                                                                  Entropy (8bit):5.074342830021076
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:DlaQIUQIhQIKQILbQIRIaMPktjaVxsxA2TtLDmplH7dwnqTIvrUmA0JQTQCQx5KN:LcPuP1srTtLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                                                                  MD5:554DC6138FDBF98B7F1EDFE207AF3D67
                                                                                                                                                                                                                                                  SHA1:B6C806E2AFF9A0F560916A90F793348DBF0514BA
                                                                                                                                                                                                                                                  SHA-256:0064A9B5FD2AC18605E512EF7127318AD9CF259E9445488C169F237A590602E1
                                                                                                                                                                                                                                                  SHA-512:3A71B533874F4D0F94F15192791D2FA4DF9E8EBF184C711F1D4FA97230C04764C1C9A93258355B08107E5B72053C6901E883E3DB577E8A204D5B9EB3F8BC7BFC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.1.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15485
                                                                                                                                                                                                                                                  Entropy (8bit):5.565127003270759
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:bXsToLNz5jF4E1tkhX/v4WP36W1HepPN+NX6in5Hqw/S+B:bX3LNhCEu/9P36W1HepPN+96inb7B
                                                                                                                                                                                                                                                  MD5:EF626C1B4484F2436E1C2B21E155ABE0
                                                                                                                                                                                                                                                  SHA1:364B0B70A54D279E3DCCBFADF5AFF8F46433F909
                                                                                                                                                                                                                                                  SHA-256:542C4BFCBCD5EAA884C3701611F4A3E5F3A3AF7EF2DE01E7FF66E647848D81A3
                                                                                                                                                                                                                                                  SHA-512:B9244519BFB3A638104988E6A702AD322E90C88B3C1FE0CCA128318D915AD48B83BBE8B6D46932D9B4A0DECF45441230940D52339C77340AC4035D3C86713CC1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:cryptography-43.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.1.dist-info/METADATA,sha256=AGSptf0qwYYF5RLvcScxitnPJZ6URUiMFp8jelkGAuE,5440..cryptography-43.0.1.dist-info/RECORD,,..cryptography-43.0.1.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.1.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.1.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.1.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=pY_pmYXjJTK-LjfCu7ot0NMj0QC2dkD1dCPyV8QjISM,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-310.pyc,,..cryptography/__pycache__/__init__.cpython-310.pyc,,..cryptography/__pycache__/exceptions.cpython-310.pyc,,..cryptography/__p
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):94
                                                                                                                                                                                                                                                  Entropy (8bit):5.016084900984752
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                                                                                  MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                                                                                  SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                                                                                  SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                                                                                  SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):197
                                                                                                                                                                                                                                                  Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                                  MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                                  SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                                  SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                                  SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11360
                                                                                                                                                                                                                                                  Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                                  MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                                  SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                                  SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                                  SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1532
                                                                                                                                                                                                                                                  Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                                  MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                                  SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                                  SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                                  SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7900672
                                                                                                                                                                                                                                                  Entropy (8bit):6.519460416205842
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:Hvisa2OcIo0UYN1YA2sBCT7I0XIU6iOGtlqNVwASO0AIjoI+b0vjemXSKSDhxlT3:Pi/2PTYDBCT7NY+gTNxY7GbdJ295x
                                                                                                                                                                                                                                                  MD5:81AD4F91BB10900E3E2E8EAF917F42C9
                                                                                                                                                                                                                                                  SHA1:840F7AEF02CDA6672F0E3FC7A8D57F213DDD1DC6
                                                                                                                                                                                                                                                  SHA-256:5F20D6CEC04685075781996A9F54A78DC44AB8E39EB5A2BCF3234E36BEF4B190
                                                                                                                                                                                                                                                  SHA-512:11CD299D6812CDF6F0A74BA86EB44E9904CE4106167EBD6E0B81F60A5FCD04236CEF5CFF81E51ED391F5156430663056393DC07353C4A70A88024194768FFE9D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3450648
                                                                                                                                                                                                                                                  Entropy (8bit):6.098075450035195
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:YP+uemAdn67xfxw6rKsK1CPwDv3uFfJz1CmiX:OZemAYxfxw6HK1CPwDv3uFfJzUmA
                                                                                                                                                                                                                                                  MD5:9D7A0C99256C50AFD5B0560BA2548930
                                                                                                                                                                                                                                                  SHA1:76BD9F13597A46F5283AA35C30B53C21976D0824
                                                                                                                                                                                                                                                  SHA-256:9B7B4A0AD212095A8C2E35C71694D8A1764CD72A829E8E17C8AFE3A55F147939
                                                                                                                                                                                                                                                  SHA-512:CB39AA99B9D98C735FDACF1C5ED68A4D09D11F30262B91F6AA48C3F8520EFF95E499400D0CE7E280CA7A90FF6D7141D2D893EF0B33A8803A1CADB28BA9A9E3E2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32792
                                                                                                                                                                                                                                                  Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                                                                  MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                                                                  SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                                                                  SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                                                                  SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):704792
                                                                                                                                                                                                                                                  Entropy (8bit):5.5573527806738126
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:WhO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0TGqwfU2lvz2:2is/POtrzbLp5dQ0TGqcU2lvz2
                                                                                                                                                                                                                                                  MD5:BEC0F86F9DA765E2A02C9237259A7898
                                                                                                                                                                                                                                                  SHA1:3CAA604C3FFF88E71F489977E4293A488FB5671C
                                                                                                                                                                                                                                                  SHA-256:D74CE01319AE6F54483A19375524AA39D9F5FD91F06CF7DF238CA25E043130FD
                                                                                                                                                                                                                                                  SHA-512:FFBC4E5FFDB49704E7AA6D74533E5AF76BBE5DB297713D8E59BD296143FE5F145FBB616B343EED3C48ECEACCCCC2431630470D8975A4A17C37EAFCC12EDD19F4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):66328
                                                                                                                                                                                                                                                  Entropy (8bit):6.162953246481027
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:t68LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJqn:t6wewnvtjnsfwxVILL0S7SyuPxHO
                                                                                                                                                                                                                                                  MD5:FD4A39E7C1F7F07CF635145A2AF0DC3A
                                                                                                                                                                                                                                                  SHA1:05292BA14ACC978BB195818499A294028AB644BD
                                                                                                                                                                                                                                                  SHA-256:DC909EB798A23BA8EE9F8E3F307D97755BC0D2DC0CB342CEDAE81FBBAD32A8A9
                                                                                                                                                                                                                                                  SHA-512:37D3218BC767C44E8197555D3FA18D5AAD43A536CFE24AC17BF8A3084FB70BD4763CCFD16D2DF405538B657F720871E0CD312DFEB7F592F3AAC34D9D00D5A643
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4458776
                                                                                                                                                                                                                                                  Entropy (8bit):6.460390021076921
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:myrXfGIy+Bqk5c5Ad2nwZT3Q6wsV136cR2DZvbK30xLNZcAgVBvcpYcvl1IDWbH3:Uw5tVBlicWdvoDkHUMF7Ph/qe
                                                                                                                                                                                                                                                  MD5:63A1FA9259A35EAEAC04174CECB90048
                                                                                                                                                                                                                                                  SHA1:0DC0C91BCD6F69B80DCDD7E4020365DD7853885A
                                                                                                                                                                                                                                                  SHA-256:14B06796F288BC6599E458FB23A944AB0C843E9868058F02A91D4606533505ED
                                                                                                                                                                                                                                                  SHA-512:896CAA053F48B1E4102E0F41A7D13D932A746EEA69A894AE564EF5A84EF50890514DECA6496E915AAE40A500955220DBC1B1016FE0B8BCDDE0AD81B2917DEA8B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):134656
                                                                                                                                                                                                                                                  Entropy (8bit):5.992653928086484
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:DLVxziezwPZSMaAXpuuwNNDY/r06trfSsSYOejKVJBtGdI8hvnMu:HfziezwMMaAX2Y/rxjbOejKDBtG681n
                                                                                                                                                                                                                                                  MD5:CEB06A956B276CEA73098D145FA64712
                                                                                                                                                                                                                                                  SHA1:6F0BA21F0325ACC7CF6BF9F099D9A86470A786BF
                                                                                                                                                                                                                                                  SHA-256:C8EC6429D243AEF1F78969863BE23D59273FA6303760A173AB36AB71D5676005
                                                                                                                                                                                                                                                  SHA-512:05BAB4A293E4C7EFA85FA2491C32F299AFD46FDB079DCB7EE2CC4C31024E01286DAAF4AEAD5082FC1FD0D4169B2D1BE589D1670FCF875B06C6F15F634E0C6F34
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):29976
                                                                                                                                                                                                                                                  Entropy (8bit):6.627859470728624
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:gUC2hwhVHqOmEVILQG35YiSyvrYPxWEl6:FC2ehVKOmEVILQGp7SyEPxe
                                                                                                                                                                                                                                                  MD5:A653F35D05D2F6DEBC5D34DADDD3DFA1
                                                                                                                                                                                                                                                  SHA1:1A2CEEC28EA44388F412420425665C3781AF2435
                                                                                                                                                                                                                                                  SHA-256:DB85F2F94D4994283E1055057372594538AE11020389D966E45607413851D9E9
                                                                                                                                                                                                                                                  SHA-512:5AEDE99C3BE25B1A962261B183AE7A7FB92CB0CB866065DC9CD7BB5FF6F41CC8813D2CC9DE54670A27B3AD07A33B833EAA95A5B46DAD7763CA97DFA0C1CE54C9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1357352
                                                                                                                                                                                                                                                  Entropy (8bit):6.584634517065226
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:+UanuON+jflUtGz/rLeX+NNF7R8b1h9X2kwlNsmGb6mxvSZX0ypympK5:HIuON+jfl+Gz/rLeXDdXGQepQ
                                                                                                                                                                                                                                                  MD5:868BAD194827BE8D5DB1FE443FF45D43
                                                                                                                                                                                                                                                  SHA1:7A792B25D23185582F5AA50864A028D47B73453C
                                                                                                                                                                                                                                                  SHA-256:A2B84D739C2F85D8C3D234812672D0B6134303A35CC9C32305CBEF19822D04AA
                                                                                                                                                                                                                                                  SHA-512:534984C65A0947BF587B15A41FAE6BB424D83239D8F9A224742CE50D6844FAEE1AA5A3829C104D11E310F87E3B4A0DB9E72A9819B97DD1E6EB85D972CFAC34B2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1123608
                                                                                                                                                                                                                                                  Entropy (8bit):5.3853088605790385
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:6mwlRMmuZ63NTQCb5Pfhnzr0ql8L8kcM7IRG5eeme6VZyrIBHdQLhfFE+uQfk:ulRuUZV0m8UMMREtV6Vo4uYQfk
                                                                                                                                                                                                                                                  MD5:81D62AD36CBDDB4E57A91018F3C0816E
                                                                                                                                                                                                                                                  SHA1:FE4A4FC35DF240B50DB22B35824E4826059A807B
                                                                                                                                                                                                                                                  SHA-256:1FB2D66C056F69E8BBDD8C6C910E72697874DAE680264F8FB4B4DF19AF98AA2E
                                                                                                                                                                                                                                                  SHA-512:7D15D741378E671591356DFAAD4E1E03D3F5456CBDF87579B61D02A4A52AB9B6ECBFFAD3274CEDE8C876EA19EAEB8BA4372AD5986744D430A29F50B9CAFFB75D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):133632
                                                                                                                                                                                                                                                  Entropy (8bit):5.849731189887005
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:l2J5loMoEg9enX4oD8cdf0nlRVFhLaNKP/IyymuqCyqJhe:cblovEgqXHdfqlRVlP/IyzCyy
                                                                                                                                                                                                                                                  MD5:00E5DA545C6A4979A6577F8F091E85E1
                                                                                                                                                                                                                                                  SHA1:A31A2C85E272234584DACF36F405D102D9C43C05
                                                                                                                                                                                                                                                  SHA-256:AC483D60A565CC9CBF91A6F37EA516B2162A45D255888D50FBBB7E5FF12086EE
                                                                                                                                                                                                                                                  SHA-512:9E4F834F56007F84E8B4EC1C16FB916E68C3BAADAB1A3F6B82FAF5360C57697DC69BE86F3C2EA6E30F95E7C32413BABBE5D29422D559C99E6CF4242357A85F31
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                                                  Entropy (8bit):5.557243649975138
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:qwXwVM65Ix6Hey0a4SqSv/L/jhfWddbcQ857W5/hoOn0k/MwGCHRUyGa/:Fn6oDOb/jhfWddbcrwYOn0k/MwJYa
                                                                                                                                                                                                                                                  MD5:98D246A539426C3A7A842D6CF286D46D
                                                                                                                                                                                                                                                  SHA1:CEF7350297F7E1E2407C9125033DC972C3171122
                                                                                                                                                                                                                                                  SHA-256:7461A15657C7516237B020357CCF6DE1D07B1C781149C0DA7892AEA0EA63A825
                                                                                                                                                                                                                                                  SHA-512:F2FE96082C333210261A1247155373276A58A9E6128374A6FBA252D39CB78B286A30C48E05D2EB1E0B41653598BB114C0361BC55808FE091E8A13CDE0B59AC5F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Entropy (8bit):7.994268631643796
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                  • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                                  • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                  File name:c56uoWlDXp.exe
                                                                                                                                                                                                                                                  File size:11'426'164 bytes
                                                                                                                                                                                                                                                  MD5:216b100a2e23f120c05f482784c1de75
                                                                                                                                                                                                                                                  SHA1:9c7345cb8a81d8796bdb437e5014784b541ff281
                                                                                                                                                                                                                                                  SHA256:f4a0b416ca3a94c02563ed3df67d4f8546870662759eb5ae664e6c29a3031afd
                                                                                                                                                                                                                                                  SHA512:73c74309f2f19291492d2701b9ba0001a6e50948456e824b098910b6710b46f5a51358b29dfa69f3259916516d11e7566311a9ff2608c51ed73931967d56326c
                                                                                                                                                                                                                                                  SSDEEP:196608:DW87p+ObQQOOl2szsHFUK2r7UyT8DfyGgJwBdnpkYRMfcY0SeAx6/V:LhZ2YsHFUK2J8DfDgJc6fcNIxk
                                                                                                                                                                                                                                                  TLSH:D6B6335026E01DE1D9BBDA3CC9929245E3B2B4475BD3DB87A7F883261E13BE54E36301
                                                                                                                                                                                                                                                  Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                                  Entrypoint:0x14000ce20
                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                  Time Stamp:0x6755BF51 [Sun Dec 8 15:46:25 2024 UTC]
                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                  Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                                                                                  Signature Valid:false
                                                                                                                                                                                                                                                  Signature Issuer:CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                                                                                  Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                  Error Number:-2146869232
                                                                                                                                                                                                                                                  Not Before, Not After
                                                                                                                                                                                                                                                  • 28/09/2021 20:00:00 28/09/2024 19:59:59
                                                                                                                                                                                                                                                  Subject Chain
                                                                                                                                                                                                                                                  • CN=Akeo Consulting, O=Akeo Consulting, S=Donegal, C=IE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IE, SERIALNUMBER=407950
                                                                                                                                                                                                                                                  Version:3
                                                                                                                                                                                                                                                  Thumbprint MD5:5C82B2D08EFE6EE0794B52D4309C5F37
                                                                                                                                                                                                                                                  Thumbprint SHA-1:3DBC3A2A0E9CE8803B422CFDBC60ACD33164965D
                                                                                                                                                                                                                                                  Thumbprint SHA-256:60E992275CC7503A3EBA5D391DB8AEAAAB001402D49AEA3F7F5DA3706DF97327
                                                                                                                                                                                                                                                  Serial:00BFB15001BBF592D4962A7797EA736FA3
                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                  inc eax
                                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  sub esp, 20h
                                                                                                                                                                                                                                                  cmp byte ptr [000356BCh], 00000000h
                                                                                                                                                                                                                                                  mov ebx, ecx
                                                                                                                                                                                                                                                  jne 00007F9108B1BF79h
                                                                                                                                                                                                                                                  cmp ecx, 01h
                                                                                                                                                                                                                                                  jnbe 00007F9108B1BF7Ch
                                                                                                                                                                                                                                                  call 00007F9108B1C4AEh
                                                                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                                                                  je 00007F9108B1BF3Ah
                                                                                                                                                                                                                                                  test ebx, ebx
                                                                                                                                                                                                                                                  jne 00007F9108B1BF36h
                                                                                                                                                                                                                                                  dec eax
                                                                                                                                                                                                                                                  lea ecx, dword ptr [000356A6h]
                                                                                                                                                                                                                                                  call 00007F9108B29262h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca34 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x568 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2238 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xae352c | 0x2448 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x48000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f70 | 0x2a000 | b8c3814c5fb0b18492ad4ec2ffe0830a | False | 0.5518740699404762 | data | 6.489205819736506 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a28 | 0x12c00 | 675932568b3f35816dae778e46256885 | False | 0.5243229166666666 | data | 5.7507922437121355 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2238 | 0x2400 | 9cd1eac931545f28ab09329f8bfce843 | False | 0.4697265625 | data | 5.2645170849678795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0x568 | 0x600 | 1f909f1505d4aac403fc692b4e3c4933 | False | 0.4375 | data | 5.515698942150982 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x48000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x47058 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 14, 2024 14:08:49.857177019 CET | 53153 | 53 | 192.168.2.12 | 1.1.1.1
Dec 14, 2024 14:08:49.995345116 CET | 53 | 53153 | 1.1.1.1 | 192.168.2.12
Dec 14, 2024 14:08:52.143074036 CET | 63405 | 53 | 192.168.2.12 | 1.1.1.1
Dec 14, 2024 14:08:52.280101061 CET | 53 | 63405 | 1.1.1.1 | 192.168.2.12
Dec 14, 2024 14:08:53.511370897 CET | 60290 | 53 | 192.168.2.12 | 1.1.1.1
Dec 14, 2024 14:08:53.650935888 CET | 53 | 60290 | 1.1.1.1 | 192.168.2.12
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 14, 2024 14:08:49.857177019 CET | 192.168.2.12 | 1.1.1.1 | 0x821d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:52.143074036 CET | 192.168.2.12 | 1.1.1.1 | 0x423f | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:53.511370897 CET | 192.168.2.12 | 1.1.1.1 | 0xada6 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 14, 2024 14:08:49.995345116 CET | 1.1.1.1 | 192.168.2.12 | 0x821d | No error (0) | www.google.com |  | 172.217.19.228 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:52.280101061 CET | 1.1.1.1 | 192.168.2.12 | 0x423f | No error (0) | raw.githubusercontent.com |  | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:52.280101061 CET | 1.1.1.1 | 192.168.2.12 | 0x423f | No error (0) | raw.githubusercontent.com |  | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:52.280101061 CET | 1.1.1.1 | 192.168.2.12 | 0x423f | No error (0) | raw.githubusercontent.com |  | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:52.280101061 CET | 1.1.1.1 | 192.168.2.12 | 0x423f | No error (0) | raw.githubusercontent.com |  | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:53.650935888 CET | 1.1.1.1 | 192.168.2.12 | 0xada6 | No error (0) | github.com |  | 20.233.83.145 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                  • www.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.12 | 49716 | 172.217.19.228 | 80 | 7132 | C:\Users\user\Desktop\c56uoWlDXp.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 14:08:50.121309042 CET | 149 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                  User-Agent: python-requests/2.32.2
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Connection: keep-alive
Dec 14, 2024 14:08:51.947587013 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Sat, 14 Dec 2024 13:08:51 GMT
                                                                                                                                                                                                                                                  Expires: -1
                                                                                                                                                                                                                                                  Cache-Control: private, max-age=0
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                                                  Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-6-P6v93A1ZL2f68DHaYPLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                  Content-Encoding: gzip
                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                  Content-Length: 8240
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  Set-Cookie: AEC=AZ6Zc-UJZbUteq6Md1J7_BwSLu1lhLflfBwEntN8vULRnhWa1g_lHEiTedA; expires=Thu, 12-Jun-2025 13:08:51 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                                                  Set-Cookie: NID=520=TyHzdsV5jNMz3YfXbHl3iv4UNDmQZxB_g20FEOriB3Z4OeR-4rGS4cZGh3v5HBDHUpAMsZt8M7R6QbKgxmBGY-eHjmIggCQHK7G73QqNo3G_SZ-sjEZrqVQHQAmj3j8O7QfcEcz7Eb3ZFdLIa46zqJIcH08pwieF6B3XKNYPk8RcrK1yGFkcia-vJ0n3HPzBfiIbtL2epg; expires=Sun, 15-Jun-2025 13:08:51 GMT; path=/; domain=.google.com; HttpOnly



Target ID: 0
Start time: 08:08:45
Start date: 14/12/2024
Path: C:\Users\user\Desktop\c56uoWlDXp.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\c56uoWlDXp.exe"
Imagebase: 0x7ff6ab540000
File size: 11'426'164 bytes
MD5 hash: 216B100A2E23F120C05F482784C1DE75
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 08:08:47
Start date: 14/12/2024
Path: C:\Users\user\Desktop\c56uoWlDXp.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\c56uoWlDXp.exe"
Imagebase: 0x7ff6ab540000
File size: 11'426'164 bytes
MD5 hash: 216B100A2E23F120C05F482784C1DE75
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 3
Start time: 08:08:47
Start date: 14/12/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\cmd.exe /c "ver"
Imagebase: 0x7ff714700000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                  Start time:08:08:47
                                                                                                                                                                                                                                                  Start date:14/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff704000000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

Execution Graph

Execution Coverage:9.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:14.9%
Total number of Nodes:2000
Total number of Limit Nodes:38
16630->16619 16630->16620 16630->16621 16631->16630 16632->16627 16632->16630 16636 7ff6ab553a14 16632->16636 16669 7ff6ab553460 16632->16669 16706 7ff6ab552bf0 16632->16706 16637 7ff6ab553a56 16636->16637 16638 7ff6ab553ac7 16636->16638 16641 7ff6ab553a5c 16637->16641 16642 7ff6ab553af1 16637->16642 16639 7ff6ab553acc 16638->16639 16640 7ff6ab553b20 16638->16640 16643 7ff6ab553ace 16639->16643 16644 7ff6ab553b01 16639->16644 16648 7ff6ab553b2a 16640->16648 16649 7ff6ab553b37 16640->16649 16654 7ff6ab553b2f 16640->16654 16645 7ff6ab553a90 16641->16645 16646 7ff6ab553a61 16641->16646 16729 7ff6ab551dc4 16642->16729 16647 7ff6ab553a70 16643->16647 16656 7ff6ab553add 16643->16656 16736 7ff6ab5519b4 16644->16736 16651 7ff6ab553a67 16645->16651 16645->16654 16646->16649 16646->16651 16667 7ff6ab553b60 16647->16667 16709 7ff6ab5541c8 16647->16709 16648->16642 16648->16654 16743 7ff6ab55471c 16649->16743 16651->16647 16657 7ff6ab553aa2 16651->16657 16664 7ff6ab553a8b 16651->16664 16654->16667 16747 7ff6ab5521d4 16654->16747 16656->16642 16659 7ff6ab553ae2 16656->16659 16657->16667 16719 7ff6ab554504 16657->16719 16659->16667 16725 7ff6ab5545c8 16659->16725 16661 7ff6ab54c5c0 _log10_special 8 API calls 16663 7ff6ab553e5a 16661->16663 16663->16632 16664->16667 16668 7ff6ab553d4c 16664->16668 16754 7ff6ab554830 16664->16754 16667->16661 16668->16667 16760 7ff6ab55ea78 16668->16760 16670 7ff6ab553484 16669->16670 16671 7ff6ab55346e 16669->16671 16672 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 16670->16672 16683 7ff6ab5534c4 16670->16683 16673 7ff6ab553a56 16671->16673 16674 7ff6ab553ac7 16671->16674 16671->16683 16672->16683 16677 7ff6ab553a5c 16673->16677 16678 7ff6ab553af1 16673->16678 16675 7ff6ab553acc 16674->16675 16676 7ff6ab553b20 16674->16676 16679 7ff6ab553ace 16675->16679 16680 7ff6ab553b01 16675->16680 16684 7ff6ab553b2a 16676->16684 16685 7ff6ab553b37 16676->16685 16690 7ff6ab553b2f 16676->16690 16681 7ff6ab553a90 16677->16681 16682 7ff6ab553a61 
16677->16682 16686 7ff6ab551dc4 38 API calls 16678->16686 16692 7ff6ab553add 16679->16692 16696 7ff6ab553a70 16679->16696 16688 7ff6ab5519b4 38 API calls 16680->16688 16687 7ff6ab553a67 16681->16687 16681->16690 16682->16685 16682->16687 16683->16632 16684->16678 16684->16690 16691 7ff6ab55471c 45 API calls 16685->16691 16701 7ff6ab553a8b 16686->16701 16693 7ff6ab553aa2 16687->16693 16687->16696 16687->16701 16688->16701 16689 7ff6ab5541c8 47 API calls 16689->16701 16694 7ff6ab5521d4 38 API calls 16690->16694 16704 7ff6ab553b60 16690->16704 16691->16701 16692->16678 16695 7ff6ab553ae2 16692->16695 16697 7ff6ab554504 46 API calls 16693->16697 16693->16704 16694->16701 16699 7ff6ab5545c8 37 API calls 16695->16699 16695->16704 16696->16689 16696->16704 16697->16701 16698 7ff6ab54c5c0 _log10_special 8 API calls 16700 7ff6ab553e5a 16698->16700 16699->16701 16700->16632 16702 7ff6ab554830 45 API calls 16701->16702 16701->16704 16705 7ff6ab553d4c 16701->16705 16702->16705 16703 7ff6ab55ea78 46 API calls 16703->16705 16704->16698 16705->16703 16705->16704 16986 7ff6ab551038 16706->16986 16710 7ff6ab5541ee 16709->16710 16772 7ff6ab550bf0 16710->16772 16715 7ff6ab554830 45 API calls 16718 7ff6ab554333 16715->16718 16716 7ff6ab554830 45 API calls 16717 7ff6ab5543c1 16716->16717 16717->16664 16718->16716 16718->16717 16718->16718 16720 7ff6ab554539 16719->16720 16721 7ff6ab554557 16720->16721 16722 7ff6ab554830 45 API calls 16720->16722 16724 7ff6ab55457e 16720->16724 16723 7ff6ab55ea78 46 API calls 16721->16723 16722->16721 16723->16724 16724->16664 16727 7ff6ab5545e9 16725->16727 16726 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 16728 7ff6ab55461a 16726->16728 16727->16726 16727->16728 16728->16664 16730 7ff6ab551df7 16729->16730 16731 7ff6ab551e26 16730->16731 16733 7ff6ab551ee3 16730->16733 16735 7ff6ab551e63 16731->16735 16918 7ff6ab550c98 16731->16918 16734 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 16733->16734 16734->16735 16735->16664 16737 
7ff6ab5519e7 16736->16737 16738 7ff6ab551a16 16737->16738 16740 7ff6ab551ad3 16737->16740 16739 7ff6ab550c98 12 API calls 16738->16739 16742 7ff6ab551a53 16738->16742 16739->16742 16741 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 16740->16741 16741->16742 16742->16664 16744 7ff6ab55475f 16743->16744 16746 7ff6ab554763 __crtLCMapStringW 16744->16746 16926 7ff6ab5547b8 16744->16926 16746->16664 16748 7ff6ab552207 16747->16748 16749 7ff6ab552236 16748->16749 16751 7ff6ab5522f3 16748->16751 16750 7ff6ab550c98 12 API calls 16749->16750 16753 7ff6ab552273 16749->16753 16750->16753 16752 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 16751->16752 16752->16753 16753->16664 16755 7ff6ab554847 16754->16755 16930 7ff6ab55da28 16755->16930 16762 7ff6ab55eaa9 16760->16762 16770 7ff6ab55eab7 16760->16770 16761 7ff6ab55ead7 16763 7ff6ab55eae8 16761->16763 16764 7ff6ab55eb0f 16761->16764 16762->16761 16765 7ff6ab554830 45 API calls 16762->16765 16762->16770 16976 7ff6ab560110 16763->16976 16767 7ff6ab55eb9a 16764->16767 16768 7ff6ab55eb39 16764->16768 16764->16770 16765->16761 16769 7ff6ab55f910 _fread_nolock MultiByteToWideChar 16767->16769 16768->16770 16979 7ff6ab55f910 16768->16979 16769->16770 16770->16668 16773 7ff6ab550c27 16772->16773 16779 7ff6ab550c16 16772->16779 16773->16779 16802 7ff6ab55d66c 16773->16802 16776 7ff6ab55a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16778 7ff6ab550c68 16776->16778 16777 7ff6ab55a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16777->16779 16778->16777 16780 7ff6ab55e5e0 16779->16780 16781 7ff6ab55e5fd 16780->16781 16782 7ff6ab55e630 16780->16782 16783 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 16781->16783 16782->16781 16784 7ff6ab55e662 16782->16784 16792 7ff6ab554311 16783->16792 16790 7ff6ab55e775 16784->16790 16797 7ff6ab55e6aa 16784->16797 16785 7ff6ab55e867 16842 7ff6ab55dacc 16785->16842 16787 7ff6ab55e82d 16835 7ff6ab55de64 16787->16835 16789 7ff6ab55e7fc 16828 
7ff6ab55e144 16789->16828 16790->16785 16790->16787 16790->16789 16791 7ff6ab55e7bf 16790->16791 16794 7ff6ab55e7b5 16790->16794 16818 7ff6ab55e374 16791->16818 16792->16715 16792->16718 16794->16787 16796 7ff6ab55e7ba 16794->16796 16796->16789 16796->16791 16797->16792 16809 7ff6ab55a514 16797->16809 16800 7ff6ab55a970 _isindst 17 API calls 16801 7ff6ab55e8c4 16800->16801 16803 7ff6ab55d67b _get_daylight 16802->16803 16804 7ff6ab55d6b7 16802->16804 16803->16804 16805 7ff6ab55d69e HeapAlloc 16803->16805 16808 7ff6ab563600 _get_daylight 2 API calls 16803->16808 16806 7ff6ab554f78 _get_daylight 11 API calls 16804->16806 16805->16803 16807 7ff6ab550c54 16805->16807 16806->16807 16807->16776 16807->16778 16808->16803 16810 7ff6ab55a521 16809->16810 16812 7ff6ab55a52b 16809->16812 16810->16812 16816 7ff6ab55a546 16810->16816 16811 7ff6ab554f78 _get_daylight 11 API calls 16813 7ff6ab55a532 16811->16813 16812->16811 16851 7ff6ab55a950 16813->16851 16815 7ff6ab55a53e 16815->16792 16815->16800 16816->16815 16817 7ff6ab554f78 _get_daylight 11 API calls 16816->16817 16817->16813 16854 7ff6ab56411c 16818->16854 16822 7ff6ab55e41c 16823 7ff6ab55e471 16822->16823 16825 7ff6ab55e43c 16822->16825 16827 7ff6ab55e420 16822->16827 16907 7ff6ab55df60 16823->16907 16825->16825 16903 7ff6ab55e21c 16825->16903 16827->16792 16829 7ff6ab56411c 38 API calls 16828->16829 16830 7ff6ab55e18e 16829->16830 16831 7ff6ab563b64 37 API calls 16830->16831 16832 7ff6ab55e1de 16831->16832 16833 7ff6ab55e1e2 16832->16833 16834 7ff6ab55e21c 45 API calls 16832->16834 16833->16792 16834->16833 16836 7ff6ab56411c 38 API calls 16835->16836 16837 7ff6ab55deaf 16836->16837 16838 7ff6ab563b64 37 API calls 16837->16838 16839 7ff6ab55df07 16838->16839 16840 7ff6ab55df0b 16839->16840 16841 7ff6ab55df60 45 API calls 16839->16841 16840->16792 16841->16840 16843 7ff6ab55db44 16842->16843 16844 7ff6ab55db11 16842->16844 16845 7ff6ab55db5c 16843->16845 16848 7ff6ab55dbdd 16843->16848 16846 7ff6ab55a884 
_invalid_parameter_noinfo 37 API calls 16844->16846 16847 7ff6ab55de64 46 API calls 16845->16847 16850 7ff6ab55db3d __scrt_get_show_window_mode 16846->16850 16847->16850 16849 7ff6ab554830 45 API calls 16848->16849 16848->16850 16849->16850 16850->16792 16852 7ff6ab55a7e8 _invalid_parameter_noinfo 37 API calls 16851->16852 16853 7ff6ab55a969 16852->16853 16853->16815 16855 7ff6ab56416f fegetenv 16854->16855 16856 7ff6ab567e9c 37 API calls 16855->16856 16860 7ff6ab5641c2 16856->16860 16857 7ff6ab5641ef 16862 7ff6ab55a514 __std_exception_copy 37 API calls 16857->16862 16858 7ff6ab5642b2 16859 7ff6ab567e9c 37 API calls 16858->16859 16861 7ff6ab5642dc 16859->16861 16860->16858 16863 7ff6ab56428c 16860->16863 16864 7ff6ab5641dd 16860->16864 16865 7ff6ab567e9c 37 API calls 16861->16865 16866 7ff6ab56426d 16862->16866 16869 7ff6ab55a514 __std_exception_copy 37 API calls 16863->16869 16864->16857 16864->16858 16867 7ff6ab5642ed 16865->16867 16868 7ff6ab565394 16866->16868 16873 7ff6ab564275 16866->16873 16870 7ff6ab568090 20 API calls 16867->16870 16871 7ff6ab55a970 _isindst 17 API calls 16868->16871 16869->16866 16881 7ff6ab564356 __scrt_get_show_window_mode 16870->16881 16872 7ff6ab5653a9 16871->16872 16874 7ff6ab54c5c0 _log10_special 8 API calls 16873->16874 16875 7ff6ab55e3c1 16874->16875 16899 7ff6ab563b64 16875->16899 16876 7ff6ab5646ff __scrt_get_show_window_mode 16877 7ff6ab564a3f 16878 7ff6ab563c80 37 API calls 16877->16878 16885 7ff6ab565157 16878->16885 16879 7ff6ab5649eb 16879->16877 16882 7ff6ab5653ac memcpy_s 37 API calls 16879->16882 16880 7ff6ab564397 memcpy_s 16892 7ff6ab564cdb memcpy_s __scrt_get_show_window_mode 16880->16892 16893 7ff6ab5647f3 memcpy_s __scrt_get_show_window_mode 16880->16893 16881->16876 16881->16880 16883 7ff6ab554f78 _get_daylight 11 API calls 16881->16883 16882->16877 16884 7ff6ab5647d0 16883->16884 16886 7ff6ab55a950 _invalid_parameter_noinfo 37 API calls 16884->16886 16888 7ff6ab5653ac memcpy_s 37 API calls 16885->16888 16898 
7ff6ab5651b2 16885->16898 16886->16880 16887 7ff6ab565338 16889 7ff6ab567e9c 37 API calls 16887->16889 16888->16898 16889->16873 16890 7ff6ab554f78 11 API calls _get_daylight 16890->16893 16891 7ff6ab554f78 11 API calls _get_daylight 16891->16892 16892->16877 16892->16879 16892->16891 16895 7ff6ab55a950 37 API calls _invalid_parameter_noinfo 16892->16895 16893->16879 16893->16890 16896 7ff6ab55a950 37 API calls _invalid_parameter_noinfo 16893->16896 16894 7ff6ab563c80 37 API calls 16894->16898 16895->16892 16896->16893 16897 7ff6ab5653ac memcpy_s 37 API calls 16897->16898 16898->16887 16898->16894 16898->16897 16900 7ff6ab563b83 16899->16900 16901 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 16900->16901 16902 7ff6ab563bae memcpy_s 16900->16902 16901->16902 16902->16822 16904 7ff6ab55e248 memcpy_s 16903->16904 16905 7ff6ab554830 45 API calls 16904->16905 16906 7ff6ab55e302 memcpy_s __scrt_get_show_window_mode 16904->16906 16905->16906 16906->16827 16908 7ff6ab55df9b 16907->16908 16912 7ff6ab55dfe8 memcpy_s 16907->16912 16909 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 16908->16909 16910 7ff6ab55dfc7 16909->16910 16910->16827 16911 7ff6ab55e053 16913 7ff6ab55a514 __std_exception_copy 37 API calls 16911->16913 16912->16911 16914 7ff6ab554830 45 API calls 16912->16914 16917 7ff6ab55e095 memcpy_s 16913->16917 16914->16911 16915 7ff6ab55a970 _isindst 17 API calls 16916 7ff6ab55e140 16915->16916 16917->16915 16919 7ff6ab550ccf 16918->16919 16924 7ff6ab550cbe 16918->16924 16920 7ff6ab55d66c _fread_nolock 12 API calls 16919->16920 16919->16924 16921 7ff6ab550d00 16920->16921 16923 7ff6ab55a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16921->16923 16925 7ff6ab550d14 16921->16925 16922 7ff6ab55a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16922->16924 16923->16925 16924->16735 16925->16922 16927 7ff6ab5547d6 16926->16927 16929 7ff6ab5547de 16926->16929 16928 7ff6ab554830 45 API calls 16927->16928 16928->16929 
16929->16746 16931 7ff6ab55486f 16930->16931 16932 7ff6ab55da41 16930->16932 16934 7ff6ab55da94 16931->16934 16932->16931 16938 7ff6ab563374 16932->16938 16935 7ff6ab55daad 16934->16935 16937 7ff6ab55487f 16934->16937 16935->16937 16973 7ff6ab5626c0 16935->16973 16937->16668 16950 7ff6ab55b1c0 GetLastError 16938->16950 16941 7ff6ab5633ce 16941->16931 16951 7ff6ab55b1e4 FlsGetValue 16950->16951 16952 7ff6ab55b201 FlsSetValue 16950->16952 16953 7ff6ab55b1fb 16951->16953 16969 7ff6ab55b1f1 16951->16969 16954 7ff6ab55b213 16952->16954 16952->16969 16953->16952 16955 7ff6ab55ec08 _get_daylight 11 API calls 16954->16955 16957 7ff6ab55b222 16955->16957 16956 7ff6ab55b26d SetLastError 16958 7ff6ab55b27a 16956->16958 16959 7ff6ab55b28d 16956->16959 16960 7ff6ab55b240 FlsSetValue 16957->16960 16961 7ff6ab55b230 FlsSetValue 16957->16961 16958->16941 16972 7ff6ab560348 EnterCriticalSection 16958->16972 16962 7ff6ab55a574 __CxxCallCatchBlock 38 API calls 16959->16962 16965 7ff6ab55b24c FlsSetValue 16960->16965 16966 7ff6ab55b25e 16960->16966 16964 7ff6ab55b239 16961->16964 16963 7ff6ab55b292 16962->16963 16967 7ff6ab55a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16964->16967 16965->16964 16968 7ff6ab55af64 _get_daylight 11 API calls 16966->16968 16967->16969 16970 7ff6ab55b266 16968->16970 16969->16956 16971 7ff6ab55a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16970->16971 16971->16956 16974 7ff6ab55b1c0 __CxxCallCatchBlock 45 API calls 16973->16974 16975 7ff6ab5626c9 16974->16975 16982 7ff6ab566df8 16976->16982 16981 7ff6ab55f919 MultiByteToWideChar 16979->16981 16984 7ff6ab566e5c 16982->16984 16983 7ff6ab54c5c0 _log10_special 8 API calls 16985 7ff6ab56012d 16983->16985 16984->16983 16985->16770 16987 7ff6ab55106d 16986->16987 16988 7ff6ab55107f 16986->16988 16989 7ff6ab554f78 _get_daylight 11 API calls 16987->16989 16990 7ff6ab55108d 16988->16990 16995 7ff6ab5510c9 16988->16995 16991 7ff6ab551072 16989->16991 16992 7ff6ab55a884 
_invalid_parameter_noinfo 37 API calls 16990->16992 16993 7ff6ab55a950 _invalid_parameter_noinfo 37 API calls 16991->16993 17000 7ff6ab55107d 16992->17000 16993->17000 16994 7ff6ab551445 16996 7ff6ab554f78 _get_daylight 11 API calls 16994->16996 16994->17000 16995->16994 16997 7ff6ab554f78 _get_daylight 11 API calls 16995->16997 16998 7ff6ab5516d9 16996->16998 16999 7ff6ab55143a 16997->16999 17001 7ff6ab55a950 _invalid_parameter_noinfo 37 API calls 16998->17001 17002 7ff6ab55a950 _invalid_parameter_noinfo 37 API calls 16999->17002 17000->16632 17001->17000 17002->16994 17004 7ff6ab550774 17003->17004 17031 7ff6ab5504d4 17004->17031 17006 7ff6ab55078d 17006->16168 17043 7ff6ab55042c 17007->17043 17011 7ff6ab54c8c0 17010->17011 17012 7ff6ab542930 GetCurrentProcessId 17011->17012 17013 7ff6ab541c80 49 API calls 17012->17013 17014 7ff6ab542979 17013->17014 17057 7ff6ab5549f4 17014->17057 17019 7ff6ab541c80 49 API calls 17020 7ff6ab5429ff 17019->17020 17087 7ff6ab542620 17020->17087 17023 7ff6ab54c5c0 _log10_special 8 API calls 17024 7ff6ab542a31 17023->17024 17024->16207 17026 7ff6ab541b89 17025->17026 17027 7ff6ab550189 17025->17027 17026->16206 17026->16207 17028 7ff6ab554f78 _get_daylight 11 API calls 17027->17028 17029 7ff6ab55018e 17028->17029 17030 7ff6ab55a950 _invalid_parameter_noinfo 37 API calls 17029->17030 17030->17026 17032 7ff6ab55053e 17031->17032 17033 7ff6ab5504fe 17031->17033 17032->17033 17034 7ff6ab55054a 17032->17034 17035 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 17033->17035 17042 7ff6ab5554dc EnterCriticalSection 17034->17042 17036 7ff6ab550525 17035->17036 17036->17006 17044 7ff6ab550456 17043->17044 17055 7ff6ab541a20 17043->17055 17045 7ff6ab5504a2 17044->17045 17046 7ff6ab550465 __scrt_get_show_window_mode 17044->17046 17044->17055 17056 7ff6ab5554dc EnterCriticalSection 17045->17056 17048 7ff6ab554f78 _get_daylight 11 API calls 17046->17048 17050 7ff6ab55047a 17048->17050 17052 7ff6ab55a950 _invalid_parameter_noinfo 37 API calls 
17050->17052 17052->17055 17055->16176 17055->16177 17059 7ff6ab554a4e 17057->17059 17058 7ff6ab554a73 17061 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 17058->17061 17059->17058 17060 7ff6ab554aaf 17059->17060 17096 7ff6ab552c80 17060->17096 17063 7ff6ab554a9d 17061->17063 17065 7ff6ab54c5c0 _log10_special 8 API calls 17063->17065 17064 7ff6ab55a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17064->17063 17067 7ff6ab5429c3 17065->17067 17075 7ff6ab5551d0 17067->17075 17068 7ff6ab554b8c 17068->17064 17069 7ff6ab554bb0 17069->17068 17072 7ff6ab554bba 17069->17072 17070 7ff6ab554b61 17073 7ff6ab55a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17070->17073 17071 7ff6ab554b58 17071->17068 17071->17070 17074 7ff6ab55a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17072->17074 17073->17063 17074->17063 17076 7ff6ab55b338 _get_daylight 11 API calls 17075->17076 17077 7ff6ab5551e7 17076->17077 17078 7ff6ab55ec08 _get_daylight 11 API calls 17077->17078 17081 7ff6ab555227 17077->17081 17084 7ff6ab5429e5 17077->17084 17079 7ff6ab55521c 17078->17079 17080 7ff6ab55a9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17079->17080 17080->17081 17081->17084 17234 7ff6ab55ec90 17081->17234 17084->17019 17085 7ff6ab55a970 _isindst 17 API calls 17086 7ff6ab55526c 17085->17086 17088 7ff6ab54262f 17087->17088 17089 7ff6ab549400 2 API calls 17088->17089 17090 7ff6ab542660 17089->17090 17091 7ff6ab54266f MessageBoxW 17090->17091 17092 7ff6ab542683 MessageBoxA 17090->17092 17093 7ff6ab542690 17091->17093 17092->17093 17094 7ff6ab54c5c0 _log10_special 8 API calls 17093->17094 17095 7ff6ab5426a0 17094->17095 17095->17023 17097 7ff6ab552cbe 17096->17097 17098 7ff6ab552cae 17096->17098 17099 7ff6ab552cc7 17097->17099 17100 7ff6ab552cf5 17097->17100 17101 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 17098->17101 17102 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 17099->17102 17100->17098 17103 
7ff6ab552ced 17100->17103 17104 7ff6ab554830 45 API calls 17100->17104 17106 7ff6ab552fa4 17100->17106 17110 7ff6ab553610 17100->17110 17136 7ff6ab5532d8 17100->17136 17166 7ff6ab552b60 17100->17166 17101->17103 17102->17103 17103->17068 17103->17069 17103->17070 17103->17071 17104->17100 17107 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 17106->17107 17107->17098 17111 7ff6ab553652 17110->17111 17112 7ff6ab5536c5 17110->17112 17114 7ff6ab553658 17111->17114 17115 7ff6ab5536ef 17111->17115 17113 7ff6ab5536ca 17112->17113 17119 7ff6ab55371f 17112->17119 17116 7ff6ab5536ff 17113->17116 17118 7ff6ab5536cc 17113->17118 17121 7ff6ab55365d 17114->17121 17124 7ff6ab55372e 17114->17124 17183 7ff6ab551bc0 17115->17183 17190 7ff6ab5517b0 17116->17190 17117 7ff6ab55366d 17135 7ff6ab55375d 17117->17135 17169 7ff6ab553f74 17117->17169 17118->17117 17126 7ff6ab5536db 17118->17126 17119->17115 17119->17124 17134 7ff6ab553688 17119->17134 17121->17117 17125 7ff6ab5536a0 17121->17125 17121->17134 17124->17135 17197 7ff6ab551fd0 17124->17197 17125->17135 17179 7ff6ab554430 17125->17179 17126->17115 17128 7ff6ab5536e0 17126->17128 17131 7ff6ab5545c8 37 API calls 17128->17131 17128->17135 17130 7ff6ab54c5c0 _log10_special 8 API calls 17132 7ff6ab5539f3 17130->17132 17131->17134 17132->17100 17134->17135 17204 7ff6ab55e8c8 17134->17204 17135->17130 17137 7ff6ab5532f9 17136->17137 17138 7ff6ab5532e3 17136->17138 17139 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 17137->17139 17149 7ff6ab553337 17137->17149 17140 7ff6ab553652 17138->17140 17141 7ff6ab5536c5 17138->17141 17138->17149 17139->17149 17143 7ff6ab553658 17140->17143 17144 7ff6ab5536ef 17140->17144 17142 7ff6ab5536ca 17141->17142 17147 7ff6ab55371f 17141->17147 17145 7ff6ab5536cc 17142->17145 17146 7ff6ab5536ff 17142->17146 17153 7ff6ab55365d 17143->17153 17156 7ff6ab55372e 17143->17156 17150 7ff6ab551bc0 38 API calls 17144->17150 17148 7ff6ab55366d 17145->17148 17154 7ff6ab5536db 17145->17154 17151 7ff6ab5517b0 
38 API calls 17146->17151 17147->17144 17147->17156 17164 7ff6ab553688 17147->17164 17152 7ff6ab553f74 47 API calls 17148->17152 17165 7ff6ab55375d 17148->17165 17149->17100 17150->17164 17151->17164 17152->17164 17153->17148 17155 7ff6ab5536a0 17153->17155 17153->17164 17154->17144 17158 7ff6ab5536e0 17154->17158 17159 7ff6ab554430 47 API calls 17155->17159 17155->17165 17157 7ff6ab551fd0 38 API calls 17156->17157 17156->17165 17157->17164 17161 7ff6ab5545c8 37 API calls 17158->17161 17158->17165 17159->17164 17160 7ff6ab54c5c0 _log10_special 8 API calls 17162 7ff6ab5539f3 17160->17162 17161->17164 17162->17100 17163 7ff6ab55e8c8 47 API calls 17163->17164 17164->17163 17164->17165 17165->17160 17217 7ff6ab550d84 17166->17217 17170 7ff6ab553f96 17169->17170 17171 7ff6ab550bf0 12 API calls 17170->17171 17172 7ff6ab553fde 17171->17172 17173 7ff6ab55e5e0 46 API calls 17172->17173 17174 7ff6ab5540b1 17173->17174 17175 7ff6ab554830 45 API calls 17174->17175 17178 7ff6ab5540d3 17174->17178 17175->17178 17176 7ff6ab55415c 17176->17134 17176->17176 17177 7ff6ab554830 45 API calls 17177->17176 17178->17176 17178->17177 17178->17178 17180 7ff6ab554448 17179->17180 17182 7ff6ab5544b0 17179->17182 17181 7ff6ab55e8c8 47 API calls 17180->17181 17180->17182 17181->17182 17182->17134 17184 7ff6ab551bf3 17183->17184 17185 7ff6ab551c22 17184->17185 17187 7ff6ab551cdf 17184->17187 17186 7ff6ab550bf0 12 API calls 17185->17186 17189 7ff6ab551c5f 17185->17189 17186->17189 17188 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 17187->17188 17188->17189 17189->17134 17191 7ff6ab5517e3 17190->17191 17192 7ff6ab551812 17191->17192 17194 7ff6ab5518cf 17191->17194 17193 7ff6ab550bf0 12 API calls 17192->17193 17196 7ff6ab55184f 17192->17196 17193->17196 17195 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 17194->17195 17195->17196 17196->17134 17198 7ff6ab552003 17197->17198 17199 7ff6ab552032 17198->17199 17201 7ff6ab5520ef 17198->17201 17200 7ff6ab550bf0 12 API calls 17199->17200 
17203 7ff6ab55206f 17199->17203 17200->17203 17202 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 17201->17202 17202->17203 17203->17134 17206 7ff6ab55e8f0 17204->17206 17205 7ff6ab55e935 17210 7ff6ab55e8f5 __scrt_get_show_window_mode 17205->17210 17213 7ff6ab55e91e __scrt_get_show_window_mode 17205->17213 17214 7ff6ab560858 17205->17214 17206->17205 17207 7ff6ab554830 45 API calls 17206->17207 17206->17210 17206->17213 17207->17205 17208 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 17208->17210 17210->17134 17213->17208 17213->17210 17216 7ff6ab56087c WideCharToMultiByte 17214->17216 17218 7ff6ab550dc3 17217->17218 17219 7ff6ab550db1 17217->17219 17222 7ff6ab550dd0 17218->17222 17225 7ff6ab550e0d 17218->17225 17220 7ff6ab554f78 _get_daylight 11 API calls 17219->17220 17221 7ff6ab550db6 17220->17221 17223 7ff6ab55a950 _invalid_parameter_noinfo 37 API calls 17221->17223 17224 7ff6ab55a884 _invalid_parameter_noinfo 37 API calls 17222->17224 17226 7ff6ab550dc1 17223->17226 17224->17226 17227 7ff6ab550eb6 17225->17227 17229 7ff6ab554f78 _get_daylight 11 API calls 17225->17229 17226->17100 17227->17226 17228 7ff6ab554f78 _get_daylight 11 API calls 17227->17228 17230 7ff6ab550f60 17228->17230 17231 7ff6ab550eab 17229->17231 17232 7ff6ab55a950 _invalid_parameter_noinfo 37 API calls 17230->17232 17233 7ff6ab55a950 _invalid_parameter_noinfo 37 API calls 17231->17233 17232->17226 17233->17227 17238 7ff6ab55ecad 17234->17238 17235 7ff6ab55ecb2 17236 7ff6ab55524d 17235->17236 17237 7ff6ab554f78 _get_daylight 11 API calls 17235->17237 17236->17084 17236->17085 17239 7ff6ab55ecbc 17237->17239 17238->17235 17238->17236 17241 7ff6ab55ecfc 17238->17241 17240 7ff6ab55a950 _invalid_parameter_noinfo 37 API calls 17239->17240 17240->17236 17241->17236 17242 7ff6ab554f78 _get_daylight 11 API calls 17241->17242 17242->17239 17244 7ff6ab5487a1 GetTokenInformation 17243->17244 17247 7ff6ab548823 __vcrt_freefls 17243->17247 17245 7ff6ab5487cd 17244->17245 17246 7ff6ab5487c2 
GetLastError 17244->17246 17245->17247 17250 7ff6ab5487e9 GetTokenInformation 17245->17250 17246->17245 17246->17247 17248 7ff6ab54883c 17247->17248 17249 7ff6ab548836 CloseHandle 17247->17249 17248->16225 17249->17248 17250->17247 17251 7ff6ab54880c 17250->17251 17251->17247 17252 7ff6ab548816 ConvertSidToStringSidW 17251->17252 17252->17247 17254 7ff6ab54c8c0 17253->17254 17255 7ff6ab542b74 GetCurrentProcessId 17254->17255 17256 7ff6ab5426b0 48 API calls 17255->17256 17257 7ff6ab542bc7 17256->17257 17258 7ff6ab554c48 48 API calls 17257->17258 17259 7ff6ab542c10 MessageBoxW 17258->17259 17260 7ff6ab54c5c0 _log10_special 8 API calls 17259->17260 17261 7ff6ab542c40 17260->17261 17261->16235 17263 7ff6ab5425e5 17262->17263 17264 7ff6ab554c48 48 API calls 17263->17264 17265 7ff6ab542604 17264->17265 17265->16244 17311 7ff6ab558804 17266->17311 17270 7ff6ab5481cc 17269->17270 17271 7ff6ab549400 2 API calls 17270->17271 17272 7ff6ab5481eb 17271->17272 17273 7ff6ab548206 ExpandEnvironmentStringsW 17272->17273 17274 7ff6ab5481f3 17272->17274 17276 7ff6ab54822c __vcrt_freefls 17273->17276 17275 7ff6ab542810 49 API calls 17274->17275 17277 7ff6ab5481ff __vcrt_freefls 17275->17277 17278 7ff6ab548243 17276->17278 17279 7ff6ab548230 17276->17279 17280 7ff6ab54c5c0 _log10_special 8 API calls 17277->17280 17283 7ff6ab5482af 17278->17283 17284 7ff6ab548251 GetDriveTypeW 17278->17284 17281 7ff6ab542810 49 API calls 17279->17281 17282 7ff6ab54839f 17280->17282 17281->17277 17282->16250 17301 7ff6ab5582a8 17282->17301 17449 7ff6ab557e78 17283->17449 17288 7ff6ab548285 17284->17288 17289 7ff6ab5482a0 17284->17289 17287 7ff6ab5482c1 17290 7ff6ab5482c9 17287->17290 17300 7ff6ab5482dc 17287->17300 17291 7ff6ab542810 49 API calls 17288->17291 17442 7ff6ab5579dc 17289->17442 17293 7ff6ab542810 49 API calls 17290->17293 17291->17277 17293->17277 17294 7ff6ab54833e CreateDirectoryW 17294->17277 17296 7ff6ab54834d GetLastError 17294->17296 17295 7ff6ab5426b0 48 API calls 17297 7ff6ab548318 

Control-flow Graph

Legend: Executed, Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction ID: ae088b3e16955da781c172a11348f14286a27f5e828904657e8af56ef8c75aff
• Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction Fuzzy Hash: B2D18F32B0AB8296EB109F74E8652AD3765FF88B58F440235DA5D83ABADF3CD155C700

Control-flow Graph

• Executed
• Not Executed
Strings
Memory Dump Source
• Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$bye-runtime-tmpdir$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag
• API String ID: 2776309574-3273434969
• Opcode ID: 44b6149e1a44f815cbaf6e2375de99b2dfa5e961a20aa3e5c6a8e77e9d9f5974
• Instruction ID: edf289792fd90265b2fecaee8c55b569a0830a7adc763f0fdfa0e6b96276d3e3
• Opcode Fuzzy Hash: 44b6149e1a44f815cbaf6e2375de99b2dfa5e961a20aa3e5c6a8e77e9d9f5974
• Instruction Fuzzy Hash: 35325C21A1E68291FA19EF25D5653B967A2BF4D780F844032DA5DC32F7EF2CE569C300

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565CB5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB565608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB56561C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9CE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A9B8: GetLastError.KERNEL32(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9D8
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6AB55A94F,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55A979
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6AB55A94F,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55A99E
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565CA4
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB565668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB56567C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F1A
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F2B
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F3C
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6AB56617C), ref: 00007FF6AB565F63
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                    • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                                    • Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                                                    • Instruction ID: f1a12f746bed92883581b556af2a637f70673e0ce47081ab200377bf8092962e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3ED1B132A1A24686EB20DF26E4611B96761FF5C794F488136EA4DC76A7EF3CE841C740

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 691 7ff6ab5669d4-7ff6ab566a47 call 7ff6ab566708 694 7ff6ab566a49-7ff6ab566a52 call 7ff6ab554f58 691->694 695 7ff6ab566a61-7ff6ab566a6b call 7ff6ab558590 691->695 700 7ff6ab566a55-7ff6ab566a5c call 7ff6ab554f78 694->700 701 7ff6ab566a6d-7ff6ab566a84 call 7ff6ab554f58 call 7ff6ab554f78 695->701 702 7ff6ab566a86-7ff6ab566aef CreateFileW 695->702 714 7ff6ab566da2-7ff6ab566dc2 700->714 701->700 705 7ff6ab566b6c-7ff6ab566b77 GetFileType 702->705 706 7ff6ab566af1-7ff6ab566af7 702->706 708 7ff6ab566bca-7ff6ab566bd1 705->708 709 7ff6ab566b79-7ff6ab566bb4 GetLastError call 7ff6ab554eec CloseHandle 705->709 711 7ff6ab566b39-7ff6ab566b67 GetLastError call 7ff6ab554eec 706->711 712 7ff6ab566af9-7ff6ab566afd 706->712 717 7ff6ab566bd9-7ff6ab566bdc 708->717 718 7ff6ab566bd3-7ff6ab566bd7 708->718 709->700 725 7ff6ab566bba-7ff6ab566bc5 call 7ff6ab554f78 709->725 711->700 712->711 719 7ff6ab566aff-7ff6ab566b37 CreateFileW 712->719 723 7ff6ab566be2-7ff6ab566c37 call 7ff6ab5584a8 717->723 724 7ff6ab566bde 717->724 718->723 719->705 719->711 729 7ff6ab566c56-7ff6ab566c87 call 7ff6ab566488 723->729 730 7ff6ab566c39-7ff6ab566c45 call 7ff6ab566910 723->730 724->723 725->700 737 7ff6ab566c8d-7ff6ab566ccf 729->737 738 7ff6ab566c89-7ff6ab566c8b 729->738 730->729 736 7ff6ab566c47 730->736 739 7ff6ab566c49-7ff6ab566c51 call 7ff6ab55ab30 736->739 740 7ff6ab566cf1-7ff6ab566cfc 737->740 741 7ff6ab566cd1-7ff6ab566cd5 737->741 738->739 739->714 742 7ff6ab566d02-7ff6ab566d06 740->742 743 7ff6ab566da0 740->743 741->740 745 7ff6ab566cd7-7ff6ab566cec 741->745 742->743 746 7ff6ab566d0c-7ff6ab566d51 CloseHandle CreateFileW 742->746 743->714 745->740 748 7ff6ab566d86-7ff6ab566d9b 746->748 749 7ff6ab566d53-7ff6ab566d81 GetLastError call 7ff6ab554eec 
call 7ff6ab5586d0 746->749 748->743 749->748
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1617910340-0
                                                                                                                                                                                                                                                    • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                                    • Instruction ID: d52f0e9e943e10ae3c99f24588f092b9056628141ae24d07cb9871ab387c5f60
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2EC1A036B29A4285EB10CFA9D4A12AC3761EB4DB98F055225DF2E977E6DF38E451C300

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FindFirstFileW.KERNELBASE(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB54841B
                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB54849E
                                                                                                                                                                                                                                                    • DeleteFileW.KERNELBASE(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB5484BD
                                                                                                                                                                                                                                                    • FindNextFileW.KERNELBASE(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB5484CB
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB5484DC
                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNELBASE(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB5484E5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                                    • String ID: %s\*
                                                                                                                                                                                                                                                    • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                                    • Opcode ID: 39a93d91a788addd72801eeb202cf5dd5373a6ceabdc1da620128e14205563d9
                                                                                                                                                                                                                                                    • Instruction ID: ec731007e38e1cbdc8e2e8cefd244dee019fecb55ce4df5b4ed390f9f1fc6ccb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39a93d91a788addd72801eeb202cf5dd5373a6ceabdc1da620128e14205563d9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F41D521A0EA4291EE34AF24E4581B96761FF9C758F840A32D6ADC36E6DF3CD55AC700

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 1012 7ff6ab565eec-7ff6ab565f21 call 7ff6ab5655f8 call 7ff6ab565600 call 7ff6ab565668 1019 7ff6ab565f27-7ff6ab565f32 call 7ff6ab565608 1012->1019 1020 7ff6ab56605f-7ff6ab5660cd call 7ff6ab55a970 call 7ff6ab5615e8 1012->1020 1019->1020 1025 7ff6ab565f38-7ff6ab565f43 call 7ff6ab565638 1019->1025 1032 7ff6ab5660db-7ff6ab5660de 1020->1032 1033 7ff6ab5660cf-7ff6ab5660d6 1020->1033 1025->1020 1031 7ff6ab565f49-7ff6ab565f6c call 7ff6ab55a9b8 GetTimeZoneInformation 1025->1031 1046 7ff6ab565f72-7ff6ab565f93 1031->1046 1047 7ff6ab566034-7ff6ab56605e call 7ff6ab5655f0 call 7ff6ab5655e0 call 7ff6ab5655e8 1031->1047 1034 7ff6ab566115-7ff6ab566128 call 7ff6ab55d66c 1032->1034 1035 7ff6ab5660e0 1032->1035 1037 7ff6ab56616b-7ff6ab56616e 1033->1037 1049 7ff6ab56612a 1034->1049 1050 7ff6ab566133-7ff6ab56614e call 7ff6ab5615e8 1034->1050 1039 7ff6ab5660e3 1035->1039 1037->1039 1040 7ff6ab566174-7ff6ab56617c call 7ff6ab565c70 1037->1040 1044 7ff6ab5660e8-7ff6ab566114 call 7ff6ab55a9b8 call 7ff6ab54c5c0 1039->1044 1045 7ff6ab5660e3 call 7ff6ab565eec 1039->1045 1040->1044 1045->1044 1052 7ff6ab565f95-7ff6ab565f9b 1046->1052 1053 7ff6ab565f9e-7ff6ab565fa5 1046->1053 1057 7ff6ab56612c-7ff6ab566131 call 7ff6ab55a9b8 1049->1057 1071 7ff6ab566155-7ff6ab566167 call 7ff6ab55a9b8 1050->1071 1072 7ff6ab566150-7ff6ab566153 1050->1072 1052->1053 1059 7ff6ab565fa7-7ff6ab565faf 1053->1059 1060 7ff6ab565fb9 1053->1060 1057->1035 1059->1060 1061 7ff6ab565fb1-7ff6ab565fb7 1059->1061 1063 7ff6ab565fbb-7ff6ab56602f call 7ff6ab56a540 * 4 call 7ff6ab562bcc call 7ff6ab566184 * 2 1060->1063 1061->1063 1063->1047 1071->1037 1072->1057
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F1A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB565668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB56567C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F2B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB565608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB56561C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F3C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB565638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB56564C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9CE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A9B8: GetLastError.KERNEL32(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9D8
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6AB56617C), ref: 00007FF6AB565F63
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                    • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                                    • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                                                    • Instruction ID: 854b73f25f6611ef7d51f68d92e4af0d60fea259289b6d480afddeaa903b3978
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41515E32A1A64286E720DF26E9A15A96760FF5C784F488136EA4DC76B7DF3CE441CB40
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                                                                    • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                                    • Instruction ID: 4a386ea4fdeaab68434ed8534915358e2d4af5e404984daf8863e58036c3e24c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9FF0C822A1A74187F7608F60B45976A7350FB8D338F084335D96D426E5DF3CD0588B00

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB547F80: _fread_nolock.LIBCMT ref: 00007FF6AB54802A
                                                                                                                                                                                                                                                    • _fread_nolock.LIBCMT ref: 00007FF6AB541A1B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6AB541B6A), ref: 00007FF6AB54295E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                                    • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                                    • Opcode ID: 2a1d170e840dceaee6f2da0756e3de0371e7b12602e63a76cd509f1e6af33911
                                                                                                                                                                                                                                                    • Instruction ID: 4eb662bbfa2299ffc4682e6ac8210033b885a39470c8de4d51d0dcb08d7781ba
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a1d170e840dceaee6f2da0756e3de0371e7b12602e63a76cd509f1e6af33911
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2081E131E0A68685EB20DF25D8512BA37A2EF4C780F444131EA8DC77A7DE3DE1959B40

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                                    • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                                    • Opcode ID: 79a07ce5d44a4a527e320f9bba7b0693ac174a5d9842ddaaf57a302337259006
                                                                                                                                                                                                                                                    • Instruction ID: d8943dd8572224794069b608b1776e734261fd09e41bd7b03d3d1bccf7dc2c23
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79a07ce5d44a4a527e320f9bba7b0693ac174a5d9842ddaaf57a302337259006
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E51C021F4A64792EA10AF21A8111BA67A2BF4C794F484231EE0C87BF7DF3DF5659740

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(?,?,00000000,00007FF6AB543CBB), ref: 00007FF6AB5488F4
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00007FF6AB543CBB), ref: 00007FF6AB5488FA
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00007FF6AB543CBB), ref: 00007FF6AB54893C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548A20: GetEnvironmentVariableW.KERNEL32(00007FF6AB54388E), ref: 00007FF6AB548A57
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6AB548A79
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB5582A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB5582C1
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542810: MessageBoxW.USER32 ref: 00007FF6AB5428EA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                                    • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                                    • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                                                                    • Instruction ID: 947a90a07095a566d66561bc151a648c5d503ae89264390348e13c1be8a2240c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8341A011A1BA4244FA68EF26A8652B91792AF8D7C4F444531ED0DC7BFBDE3CE514C700

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                    • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                                    • Opcode ID: 15fc9c742c9fb12a8c4ab664e8e5c311509e27342d3a39e207e1bde7a43e7c65
                                                                                                                                                                                                                                                    • Instruction ID: 2afad68a0589e35f97df838e05223ebb759905e6a2403229b875d9d06470faf9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15fc9c742c9fb12a8c4ab664e8e5c311509e27342d3a39e207e1bde7a43e7c65
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC51F622E0A68281E660AF16A8503BA6792FF8D794F484531ED4DC77E7EF3CE551D700

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF6AB55F11A,?,?,-00000018,00007FF6AB55ADC3,?,?,?,00007FF6AB55ACBA,?,?,?,00007FF6AB555FAE), ref: 00007FF6AB55EEFC
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF6AB55F11A,?,?,-00000018,00007FF6AB55ADC3,?,?,?,00007FF6AB55ACBA,?,?,?,00007FF6AB555FAE), ref: 00007FF6AB55EF08
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                    • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                    • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                                                                    • Instruction ID: dd2d775fecfacd5ab916057db576a9d95b171c71e99041f92b315779905bc8ef
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3411421B2AA0241FA16CF13A8146752395BF4DBA0F884639DD1DC7BA6EF3CE4858304

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00007FF6AB543804), ref: 00007FF6AB5436E1
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB543804), ref: 00007FF6AB5436EB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6AB543706,?,00007FF6AB543804), ref: 00007FF6AB542C9E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6AB543706,?,00007FF6AB543804), ref: 00007FF6AB542D63
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542C50: MessageBoxW.USER32 ref: 00007FF6AB542D99
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                                    • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                                    • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                                    • Instruction ID: ed919c96dddc470ec5acd30c77261018f016f6e4efff2c896723a9e87a464ac0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A21B861F2E64251FA20AF20E8553BA2362BF8D355F444132D59DC25F7EE6CE614C700

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 07c5dcf76cbe3182a9f46e495b791f87a2923bbe72b553d2f04cfdf557d03735
                                                                                                                                                                                                                                                    • Instruction ID: a77da9142aed2c499d92a71c087137fed8fe0f9ace78e7785a0a933e6e506ef1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07c5dcf76cbe3182a9f46e495b791f87a2923bbe72b553d2f04cfdf557d03735
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7C1D662A0E68741E7608F1594483BD7B60EF8DB81F594231EA4E837B7CF7EE8458708

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 995526605-0
                                                                                                                                                                                                                                                    • Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                                                                    • Instruction ID: dc1532b9453862f9864367f7de127f9774ced9d743bf6c77fa7a6653c99387a8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8217131E0D64242EB549F59F49022AABA1FF897B0F140635EA6D83AF6DE7DD4548700

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: GetCurrentProcess.KERNEL32 ref: 00007FF6AB548780
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: OpenProcessToken.ADVAPI32 ref: 00007FF6AB548793
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: GetTokenInformation.KERNELBASE ref: 00007FF6AB5487B8
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: GetLastError.KERNEL32 ref: 00007FF6AB5487C2
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: GetTokenInformation.KERNELBASE ref: 00007FF6AB548802
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6AB54881E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: CloseHandle.KERNEL32 ref: 00007FF6AB548836
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF6AB543C55), ref: 00007FF6AB54916C
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF6AB543C55), ref: 00007FF6AB549175
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                    • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                                    • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                                    • Opcode ID: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
                                                                                                                                                                                                                                                    • Instruction ID: 85b6bcc230640654b50b429be8a5dbbb56b02950534f530d9649efe50dc2e3cf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB214B31A1AB8285E614AF10E9253EA6362FF8D780F884435EA4DD37A7DF3DE8558740
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(00000000,?,00007FF6AB54352C,?,00000000,00007FF6AB543F23), ref: 00007FF6AB547F22
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateDirectory
                                                                                                                                                                                                                                                    • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                                    • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                                    • Opcode ID: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                                                                    • Instruction ID: 869d508b8bfdd996fb8a63728365758eb775b5cc1f45042c41164a1779457ac5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7731D42171AAC155EA219F21E8503EA6355EF9CBE4F040230EA6D83BEBDF2CD6158B00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AB55CFBB), ref: 00007FF6AB55D0EC
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AB55CFBB), ref: 00007FF6AB55D177
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 953036326-0
                                                                                                                                                                                                                                                    • Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                                                                    • Instruction ID: d62ecf9a5e4583f0b26f24136751f2daed438204a4a9a55cb3d99c20a7fc4fb1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8910633F1A65695F750CF659440ABD2BA0BB48B89F144239DE0E93AE6DF3CD492CB04
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4170891091-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1279662727-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3251591375-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    APIs
Memory Dump Source
• Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AB5558A9), ref: 00007FF6AB5559C7
                                                                                                                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AB5558A9), ref: 00007FF6AB5559DD
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1707611234-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9CE
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9D8
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(?,?,?,00007FF6AB55AA45,?,?,00000000,00007FF6AB55AAFA), ref: 00007FF6AB55AC36
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6AB55AA45,?,?,00000000,00007FF6AB55AAFA), ref: 00007FF6AB55AC40
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 918212764-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 840049012-0
                                                                                                                                                                                                                                                    • Opcode ID: da6d8642933419ebf05c3617bd1a462a1bcc311e92338bbe222da65283b0d714
                                                                                                                                                                                                                                                    • Instruction ID: a316a1fc65a523605030f0943ce561742fe182693af4283907dd26a5475df217
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da6d8642933419ebf05c3617bd1a462a1bcc311e92338bbe222da65283b0d714
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B21E521B2A69285FA55AF1269043BAAB92BF4DBC4F8C4430EE1D87797CE7DE051C600
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 2d5c35b5412ec9e3d722ee101ab37b91f6ea8aa9dcca92d1d4e84e7f868c2b8f
                                                                                                                                                                                                                                                    • Instruction ID: a4a59d30141f271f42ae8d9cc57ff526cdcaaed826716be9431013f5f6104da1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d5c35b5412ec9e3d722ee101ab37b91f6ea8aa9dcca92d1d4e84e7f868c2b8f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A31D331A1A68285F7516F59D84537C3A60AF48B96F820335E92D833F3DF7DE4418728
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3947729631-0
                                                                                                                                                                                                                                                    • Opcode ID: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                                                                    • Instruction ID: c061be00119a61f60271271e72c7dca7ddc0343f61b4b67b850384ad78943521
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22218E72E067828AEB658F64C4842EC37A0EB48719F480735D62D86AE6DF3CD584C754
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                                    • Instruction ID: 8775943674dbee4e118b66757b301f13e8ed038126009a583e75e638d328fee1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B115472A1E6C181EA609F51A80137EA264AF49B85F544231FF4CD7BB7DF3EE4408709
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                                                                    • Instruction ID: f2ca04e2569d8cf95ca0b8dc97f037813a44196bf9086589a738c07aab265e80
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B219672619A8287DB619F18D4903B976A0FF88B95F184334EA9DC76EADF3DD400CB00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                                    • Instruction ID: 4c8f4fd1649e80da73158e02b62943ed30524da58c9db50b979096ca780b9185
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE01C421A0978181EA04EF529901179A6D1BF99FE1F0C4731EE5C97BE7CE3CF0014704
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF6AB55B39A,?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA), ref: 00007FF6AB55EC5D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                    • Opcode ID: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                                                                    • Instruction ID: c9d7035fa798e549ea5061939e0d032531dc674bfec5b2967d65d84ea1991ad0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36F01D55F0B20681FE545EA799612B552905F8DB82F5C5630C90ECA3F3EE1CE4818218
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF6AB550D00,?,?,?,00007FF6AB55236A,?,?,?,?,?,00007FF6AB553B59), ref: 00007FF6AB55D6AA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                    • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                                    • Instruction ID: d9299b4eb12a1dda7fed9b57b5274e33f84a664d7c9be1df3a6e07dff94eabe2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28F0FE12B0B34645FE546F615951A7912905F5C7A2F080730DD2EC53F7DE2CA4938915
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545830
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545842
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545879
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB54588B
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5458A4
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5458B6
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5458CF
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5458E1
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5458FD
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB54590F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB54592B
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB54593D
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545959
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB54596B
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545987
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545999
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5459B5
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5459C7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                    • API String ID: 199729137-653951865
                                                                                                                                                                                                                                                    • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                                                                    • Instruction ID: 32496daa1a9dfad9276f1e2149e5c3289d31f8ee76335f3ccfe9d98d4b282ef1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5022AC34E0FB4791FA569F55B8A51B427A1AF0E7A1F585036C82E82372FF3DB158A340
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                    • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                    • Opcode ID: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                                                                    • Instruction ID: 76cf777e81a6aa0b9df6a49a886523accc298599481abd753143dcd766a8f55e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8BB2F872F192828BE7658F64D4607FD37A1FB58388F585135DA0D97AA6EF38E900CB40
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                                    • API String ID: 0-2665694366
                                                                                                                                                                                                                                                    • Opcode ID: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                                                                    • Instruction ID: aa7dbd49857cbfe8a8b3e3186f2cd69750dc8bfc045a16da46405df878080bc7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3852E472A156E68BE7A48F24C458BBE3BAAFB48340F014139E64AC7791DF7DD854CB40
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3140674995-0
                                                                                                                                                                                                                                                    • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                                                    • Instruction ID: 8096430ee82b473b49b6271e6049f300ff14a24106d42df49e097a42d33805bc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A317472609B8186EB60CF60E8503EE73A1FB88704F44403ADA4D87BA5EF3CD558CB10
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1239891234-0
                                                                                                                                                                                                                                                    • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                                                    • Instruction ID: 570c13d1d8adba059febd643b84b68a5dde3d0834fab37c9d98fa34dde71232c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A317332619B8186DB60CF25E8503AE73A4FB89754F540235EA8D83BA6EF3CC555CB00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2227656907-0
                                                                                                                                                                                                                                                    • Opcode ID: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                                                                    • Instruction ID: fbf16cae09b335c51004c9f664dabedc0fdc24f4855a6c455cf05834fe73bf4a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41B1C722F1A69641EA619F22D5202BD6361EF4CBE4F486131DE5E87BE6EE3CE441D700
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                    • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                                                                    • Instruction ID: 275ecd12f12f09ee82623b6718214080d21c8d6ad5ca95da7c18612e2f6275e1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85115A22B15F058AEB00CF61E8552B933A4FB1D758F080E31DA2D867A5DF7CD1A98340
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memcpy_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1502251526-0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                                    • API String ID: 0-1127688429
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 15204871-0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: $
                                                                                                                                                                                                                                                    • API String ID: 0-227171996
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                                                    • API String ID: 0-900081337
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: e+000$gfff
                                                                                                                                                                                                                                                    • API String ID: 0-3030954782
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1010374628-0
                                                                                                                                                                                                                                                    • Opcode ID: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                                                                    • Instruction ID: 69eaa79479e100fb420842f86c90db7e2676f91b3dfff0a2dd1def4f221e5cbe
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1002BF21E1F6A640FA65AF1194A12796AE0AF0DBE0F4D8635DD5DC63F3EE3DE8418700
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: gfffffff
                                                                                                                                                                                                                                                    • API String ID: 0-1523873471
                                                                                                                                                                                                                                                    • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                                                                    • Instruction ID: a735451d9a8457b81101c27180e466b6af3161042600f1ed355557838110a073
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8CA14863A0A7C586EB21CF25A400BB97B91EB68785F048231DF8D877E6DE3DE511CB01
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: TMP
                                                                                                                                                                                                                                                    • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                                    • Opcode ID: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                                                                    • Instruction ID: 6ace0cd8d54ee9b1741c058edec6c63141c609f01193fde3aae9f7f2ee947c7d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0751F611F1B74241FA68AF2659111BA6AA1AF4DBC5F484634DE0EC7BF7EE3CE4424608
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                                                                                                                                    • Opcode ID: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                                                                    • Instruction ID: 41429d4768990c3cb6da9dd8adf581b6636e0b9aee40c5d1524c8b7d643b31a4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09B09220E17A02C2EA082F61AC8321822A47F4C700F980138C00E84331DE2C20E66700
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                                                                    • Instruction ID: f123204267e18058a0a77239a98a721ae9c37e38cdbd8df636182ca0dccc3197
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88D1D062E1A64286EB688E29C05027D27A0FB4DB49F144339CE0F877B6DF7DE945C748
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                                                                    • Instruction ID: acff340d757ffb82aec32a02d00ae91f07e7317e1299aab698dbac88ca690d46
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7AC160762181E08BD28AEB29E47947A73D1F78930DB95806BEF87477C6CB3CA514DB10
Memory Dump Source
• Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 2f230ee3a98ece7b192f4bc53182e7c18c75a4751ed7777c4a897db923149be4
                                                                                                                                                                                                                                                    • Instruction ID: 754205dcb7f3bcb62b8edc2015c36d3d2da59996ddf863f4d80f07d6da2610ea
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f230ee3a98ece7b192f4bc53182e7c18c75a4751ed7777c4a897db923149be4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C610A22F0E29247FB648E2C94652BD6680AF6A760F5C4339D61DC67F7DE7DE8018B00
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                                    • Instruction ID: 3a62e13197ce948e7184961ec746cb7b1240ca32988aea9c6b140804f1092706
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 90517836E1565181E7258F29C04423837A0EB4CF69F244231CA8E977B6DF3AE843D784
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                                                    • Instruction ID: 9c41a78f7f3b6a4d12080b0692eff551138edb5a0e67ff30ff87e1dfae0600f8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6518236A1A65582E7648F29C04023877A1EB58B69F258335CE4D977F6CF3BE843C744
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                                    • Instruction ID: 7a87983b8f4bc89e70b021f907faa9ac7a7c08dae4ff49d4cd21db254fbaa075
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8517436E1965286E7248F29D4402383BA0EB4DB59F244331DE4E877B6CF3AEC82D744
Memory Dump Source
• Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 485612231-0
                                                                                                                                                                                                                                                    • Opcode ID: 4700cc90785079b7bb7a0602c46334a4ae9c6cdcc1bc7f68a8ec9cd099c19dcc
                                                                                                                                                                                                                                                    • Instruction ID: fb01a4d1f52e054021510adc3241dd364964ae3e25cfca8c8a7b1c35bfa56a7d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4700cc90785079b7bb7a0602c46334a4ae9c6cdcc1bc7f68a8ec9cd099c19dcc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF41E022725A9582EF04CF6ADA141A9B3A1FB4CFD4B099532EE0DD7B69DE3CC4428300
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                                                                                    • Instruction ID: ee838e502804b11a46e833c19e34b3eb530512573505ac99313b1dbef6b750bf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB319732B1AB8281E758DF25A85017E7AD5AF89BD0F184339EA5D93BE6DF3CD0114708
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                    • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB549400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6AB5445E4,00000000,00007FF6AB541985), ref: 00007FF6AB549439
                                                                                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(?,00007FF6AB5488A7,?,?,00000000,00007FF6AB543CBB), ref: 00007FF6AB54821C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542810: MessageBoxW.USER32 ref: 00007FF6AB5428EA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                                    • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                                    • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                                    • String ID: P%
                                                                                                                                                                                                                                                    • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                                    • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                                    • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                                    • Opcode ID: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                                                                    • Instruction ID: acfcb3ceabf98a745cc2346579e52626d94c36c3fc11446651867b0c97cd9565
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5721B221B0AA4282E7458F7AAC652796751FF8DB90F4C5231DA3DC33F6DE2CD5A08301
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                    • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                    • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                                    • Instruction ID: a61ed8fcd4d8c3b2a26ea0d725ca95fbca306ba1b9fa50b8f84c43d9a1da0e72
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C012C572E0E1C386FB605F14D1542B976A5FF48752FC44235E68A87AEADF7CE5808B08
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                    • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                                    • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                                    • Instruction ID: 05d5760aade7e2106b99dabb784d6e971e33884b38a22629554b85d2eec422d6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9012D831E0E143C6FB20AE15E0546797A61FB44796F884235D79BC7AE6DF7CE480AB08
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                    • Opcode ID: d71e4b7b1744fd061dd4f171bedf68f3ca03f3e9821f53b1d0028571ae7a1026
                                                                                                                                                                                                                                                    • Instruction ID: 1a7d92d4828f9e9ff64b50bc6970576fe36eaf8743ae08dc0c97953990d2e05b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d71e4b7b1744fd061dd4f171bedf68f3ca03f3e9821f53b1d0028571ae7a1026
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF419C21F5A6A282EA10EF12A8116BA6792FF4DBC4F484532ED0D877A7DE3CE1119740
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                    • Opcode ID: 17e152b10182aed67a72398ac85b67c0f98998c656add469577b8d559d4f932d
                                                                                                                                                                                                                                                    • Instruction ID: 1646df6283b140bda9cbc3e07ecd5c7cf7ec4234c40e3547f5ce25a0748607c6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 17e152b10182aed67a72398ac85b67c0f98998c656add469577b8d559d4f932d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D419D22E4A69285EB00DF22A8111F96791FF4C794F884532ED1D87BBBDE3CE5529B04
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 849930591-393685449
                                                                                                                                                                                                                                                    • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                                                                    • Instruction ID: aa423a5f29a57f32e44267ac55fcabb4162476a451ec361c27bde7c67a3f9068
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22D17032A09B8186EB64DF66D4403AD37A1FB5D798F100135EE4D97BAADF38E4A1C704
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6AB543706,?,00007FF6AB543804), ref: 00007FF6AB542C9E
                                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6AB543706,?,00007FF6AB543804), ref: 00007FF6AB542D63
                                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF6AB542D99
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                                    • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                    • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                                    • Opcode ID: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                                                                    • Instruction ID: fbeaa7180c58ca5dd453d279d7a7cb4ed0a6f546a327596d5986e1c4509b7c11
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB31E526B09A5142E620AF21A8142AA67A6BF8C7D8F400135EF4DD376AEF3DD51AC300
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF6AB54DFEA,?,?,?,00007FF6AB54DCDC,?,?,?,00007FF6AB54D8D9), ref: 00007FF6AB54DDBD
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6AB54DFEA,?,?,?,00007FF6AB54DCDC,?,?,?,00007FF6AB54D8D9), ref: 00007FF6AB54DDCB
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF6AB54DFEA,?,?,?,00007FF6AB54DCDC,?,?,?,00007FF6AB54D8D9), ref: 00007FF6AB54DDF5
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF6AB54DFEA,?,?,?,00007FF6AB54DCDC,?,?,?,00007FF6AB54D8D9), ref: 00007FF6AB54DE63
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF6AB54DFEA,?,?,?,00007FF6AB54DCDC,?,?,?,00007FF6AB54D8D9), ref: 00007FF6AB54DE6F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                    • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                    • Opcode ID: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                                                                    • Instruction ID: 4ae5d50aeffe308d7997a39456bb8a332cf0a1e450920af8f7f1b8016265d28c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E131AD21B1B64291EE269F12A90067533D5FF5CBA0F994535EE1D8B3A2EF3CE8748710
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                                    • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                                    • Opcode ID: 5c7507e70d60f0fb7e3c9a3209df06ed2678ab3c183624e845013dd92edd1fac
                                                                                                                                                                                                                                                    • Instruction ID: 06c29f5608c3eb7b6dc10de742a4fcd73a66807a3fca9bc60a857abea4cc7c8a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c7507e70d60f0fb7e3c9a3209df06ed2678ab3c183624e845013dd92edd1fac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF418231A1A68791EA15EF21E4552E96322FF5C384F804132EA5DC36B7EF3CE625C740
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6AB54351A,?,00000000,00007FF6AB543F23), ref: 00007FF6AB542AA0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                                    • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                                    • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                                                    • Instruction ID: fa2ab09376769431aa51696eb99b6061f4abb6fdfc35d45438d122a365e15837
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D218132A1A78292E7219F51B8817EA63A4FB8C7C4F440132EE8C8366ADF7CD6558740
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                    • String ID: CONOUT$
                                                                                                                                                                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF6AB549216), ref: 00007FF6AB548592
                                                                                                                                                                                                                                                    • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF6AB549216), ref: 00007FF6AB5485E9
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB549400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6AB5445E4,00000000,00007FF6AB541985), ref: 00007FF6AB549439
                                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6AB549216), ref: 00007FF6AB548678
                                                                                                                                                                                                                                                    • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6AB549216), ref: 00007FF6AB5486E4
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF6AB549216), ref: 00007FF6AB5486F5
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,00000000,00007FF6AB549216), ref: 00007FF6AB54870A
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3462794448-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B347
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B37D
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B3AA
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B3BB
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B3CC
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B3E7
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6AB541B6A), ref: 00007FF6AB54295E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                    • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                                    • String ID: Unhandled exception in script
                                                                                                                                                                                                                                                    • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                                    • Opcode ID: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                                                                    • Instruction ID: 306a2b85a905875774fc37ac79c8b2fc345271074cf825978246346cd473d746
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6316F76A1AA8289EB20EF61EC552F96361FF8D784F440135EA4D8BB6ADF3CD105C700
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6AB54918F,?,00007FF6AB543C55), ref: 00007FF6AB542BA0
                                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF6AB542C2A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                                    • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                                    • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                                    • Opcode ID: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                                                                    • Instruction ID: 93602afee7e253afb81f131f306e7a53f880b9cd2394580f41d4feebc058e397
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7021DE22B1AB4182E711DF24F8457EA73A5FB8C780F404136EA8D9766ADE3CD615C740
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6AB541B99), ref: 00007FF6AB542760
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                                    • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                                    • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                                                                    • Instruction ID: 35f67c1b01a4f768175f7d56a50078ff1805f0a1849e83cdeb35f3ea4441fa27
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14219072A1AB8192E720DF51B8917EA63A4FB8C3C4F440131FE8C8366ADF7CD6558B40
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                    • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                                    • Instruction ID: 3926b9e04d882f4d36dcf4b8d51ce8cc7b13dfe20b0c8205dbf48bc57a1b802a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92F06261B0A70681FB108F24E8557796320EF4D772F580735CAAE866F5DF2DD185C304
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                                                                                                                                    • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                    • Instruction ID: 22d55f834df6861f3d6b058d7bb6475345424bcc17d14c2fbb8052e0c90078a5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42112172E5EA9301FB642D24D47637521447F5D376F1C4634EBAEC66FBCE2CA9814104
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF6AB55A613,?,?,00000000,00007FF6AB55A8AE,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55B41F
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB55A613,?,?,00000000,00007FF6AB55A8AE,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55B43E
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB55A613,?,?,00000000,00007FF6AB55A8AE,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55B466
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB55A613,?,?,00000000,00007FF6AB55A8AE,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55B477
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB55A613,?,?,00000000,00007FF6AB55A8AE,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55B488
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3702945584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: Value
• String ID:
• API String ID: 3702945584-0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: verbose
• API String ID: 3215553584-579935070
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: UTF-16LEUNICODE$UTF-8$ccs
• API String ID: 3215553584-1196891531
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: CurrentImageNonwritableUnwind__except_validate_context_record
• String ID: csm
• API String ID: 2395640692-1018135373
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
• String ID: csm$csm
• API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                    • Opcode ID: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                                                                    • Instruction ID: 0f00d5e2ca8de579551502e28f0c05e326f2cd114b13d21c4f75b7daa34c374e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B61C332909BC585EB618F15E4403AAB7A1FB89B84F044235EB9D43BA6DF7CD1A0CB00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                                    • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                                    • Opcode ID: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                                                                    • Instruction ID: 1aff56844466a7d2e89c68126321a7954e187a0f387d7352635049a110ae6233
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B21DE72B1AB4182E710DF24F8457EA73A5FB8C780F400132EA8D9766ADE3CD655C700
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2718003287-0
                                                                                                                                                                                                                                                    • Opcode ID: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                                                                    • Instruction ID: f74481ddf765ba7b8b1e051bfd488c6288c287568d21b7913a4cc2076cf6da6c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3D13772B19A808AE711CF75D4401EC3BB1FB4A799F448235DE5D97BAADE38E006C744
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1956198572-0
                                                                                                                                                                                                                                                    • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                                    • Instruction ID: 0eb6f431212e9662e7a6b7a8c4ded623f91c4a1798dfd648ea806e3d29ad7adf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A110825F2D15282F6549F6AE9452BA5393EF8D780F889030DB4987BAFCD3ED5E18200
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: ?
                                                                                                                                                                                                                                                    • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                    • Opcode ID: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                                                                    • Instruction ID: 6c66e212cc61bc98a1071b8d39739b54067d9fb101d2ed9227bc9bb2f3c0e844
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1412832A1A28A41FB249F25E4213795660EB98BA4F184235EF5C87BF7EF3CD441C700
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB5590B6
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9CE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A9B8: GetLastError.KERNEL32(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9D8
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6AB54CC15), ref: 00007FF6AB5590D4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop\c56uoWlDXp.exe
                                                                                                                                                                                                                                                    • API String ID: 3580290477-3562500763
                                                                                                                                                                                                                                                    • Opcode ID: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                                                                    • Instruction ID: df4c5c29a0496a52d4925d79a463b4b39b82e6140868c38b57f3619435a83088
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3441C032A0AB6286EB15DF25E8800BC6BA4EF4C7C1B454135E94EC3BA7DE3DE4818744
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                                                    • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                    • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                                                                    • Instruction ID: 9a05436b883c74c1a026580062199210f02af5cbb6482ffa167a8f0b78a28d0e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F041C372B1AA8181EB60CF25E4443A977A0FB89794F444131EE4DC7BA9EF3CD401C744
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                                    • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                    • Opcode ID: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                                                                                    • Instruction ID: 24dd75bcbb6321ba7cee3624cf4fae1fda534d7d66f0c1024f3a7fe1a3a74352
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9721E632A0938182FB209F15D45426E73B1FB8CB84F954135D68C836A6DF7CE5458B45
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                                                                    • Instruction ID: 835b373dedeb436925a092d90332d51629e1fb3767507d3003069c2342a977d4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC112B32619B8182EB658F19F54026AB7E5FB8CB84F584230DA8D4776ADF3DD5618B00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2619191622.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619169366.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619220269.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619247224.00007FF6AB582000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2619329513.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                                    • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                                    • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                                                                    • Instruction ID: 788a44a058566f0fe2df519870d83fb93b2e18d304f716b88462ba0aebeb65d6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51018F22A1A24386F724AF60A4B627E23A0EF4D708F880136D54DC26B6DF7CE544CA14

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:1.8%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:0.4%
                                                                                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                                                                                    Total number of Limit Nodes:44
78909->79105 79109 70a1cf3a fprintf 78909->79109 79110 70a1be04 _errno 78909->79110 79116 70a1cd73 _errno 78909->79116 79120 70a1d75c _errno 78909->79120 79126 70a1d111 fprintf 78909->79126 79131 70a1d6c2 fprintf 78909->79131 79132 70a1b57e fprintf fprintf fputc fclose 78909->79132 79138 70a1cbc0 _errno 78909->79138 79140 70a1d4d1 fprintf 78909->79140 79145 70a1ce7b _errno 78909->79145 79146 70a1e045 fprintf 78909->79146 79147 70a2196f fprintf 78909->79147 79148 70a1d3da fprintf 78909->79148 79149 70a1d87a _errno 78909->79149 79150 70a1d422 _errno 78909->79150 79157 70a1d2bb _errno 78909->79157 79166 70a1dba2 fprintf 78909->79166 79171 70a1d548 fprintf 78909->79171 79177 70a1d80b fprintf 78909->79177 79184 70a1dd71 GetProcAddress 78909->79184 79188 70a1dc33 _errno 78909->79188 79189 70a219be _errno 78909->79189 79193 70a1d5be _errno 78909->79193 79205 70a21d3b _errno 78909->79205 79206 70a1dcf9 fprintf 78909->79206 79207 70a21a84 fprintf 78909->79207 79211 70a1e132 _errno 78909->79211 79214 70a1dcc0 fprintf 78909->79214 79217 70a21e01 fprintf 78909->79217 79218 70a21a4b fprintf 78909->79218 79219 70a1d96f _errno 78909->79219 79220 70a1df24 _errno 78909->79220 79223 70a21e4d _errno 78909->79223 79224 70a1e1f8 fprintf 78909->79224 79229 70a21c10 _errno 78909->79229 79230 70a1dfea fprintf 78909->79230 79232 70a21dc8 fprintf 78909->79232 79237 70a1de12 _errno 78909->79237 79238 70a1da35 fprintf 78909->79238 79242 70a1e1bf fprintf 78909->79242 79243 70a21f13 fprintf 78909->79243 79246 70a21afe _errno 78909->79246 79247 70a1da81 _errno 78909->79247 79248 70a1dfb1 fprintf 78909->79248 79249 70a21cd6 fprintf 78909->79249 79250 70a2182e _errno 78909->79250 79253 70a1d9fc fprintf 78909->79253 79256 70a1ded8 fprintf 78909->79256 79259 70a1db47 fprintf 78909->79259 79264 70a21eda fprintf 78909->79264 79265 70a21bc4 fprintf 78909->79265 79266 70a2171c _errno 78909->79266 79268 70a21c9d fprintf 78909->79268 79269 70a218f4 fprintf 78909->79269 79271 70a215dc _errno 78909->79271 
79272 70a1de9f fprintf 78909->79272 79276 70a1db0e fprintf 78909->79276 79277 70a217e2 fprintf 78909->79277 79279 70a214ca _errno 78909->79279 79283 70a21b8b fprintf 78909->79283 79285 70a2138a _errno 78909->79285 79287 70a218bb fprintf 78909->79287 79291 70a216a2 fprintf 78909->79291 79293 70a217a9 fprintf 78909->79293 79299 70a21590 fprintf 78909->79299 79301 70a21278 _errno 78909->79301 79303 70a21450 fprintf 78909->79303 79305 70a1b716 _errno 78909->79305 79306 70a21138 _errno 78909->79306 79307 70a21669 fprintf 78909->79307 79311 70a2133e fprintf 78909->79311 79313 70a21026 _errno 78909->79313 79314 70a21557 fprintf 78909->79314 79318 70a20ee6 _errno 78909->79318 79319 70a21417 fprintf 78909->79319 79325 70a211fe fprintf 78909->79325 79326 70a21305 fprintf 78909->79326 79331 70a210ec fprintf 78909->79331 79332 70a20dd4 _errno 78909->79332 79334 70a20fac fprintf 78909->79334 79336 70a20c94 _errno 78909->79336 79337 70a211c5 fprintf 78909->79337 79341 70a20e9a fprintf 78909->79341 79343 70a20b82 _errno 78909->79343 79345 70a210b3 fprintf 78909->79345 79348 70a20a42 _errno 78909->79348 79349 70a20f73 fprintf 78909->79349 79354 70a20d5a fprintf 78909->79354 79355 70a20e61 fprintf 78909->79355 79360 70a20c48 fprintf 78909->79360 79361 70a20930 _errno 78909->79361 79362 70a1b164 _errno 78909->79362 79364 70a20b08 fprintf 78909->79364 79367 70a207f0 _errno 78909->79367 79368 70a20d21 fprintf 78909->79368 79373 70a209f6 fprintf 78909->79373 79374 70a206de _errno 78909->79374 79375 70a20c0f fprintf 78909->79375 79379 70a2059e _errno 78909->79379 79380 70a20acf fprintf 78909->79380 79385 70a208b6 fprintf 78909->79385 79386 70a209bd fprintf 78909->79386 79389 70a1b309 _errno 78909->79389 79392 70a207a4 fprintf 78909->79392 79393 70a2048c _errno 78909->79393 79395 70a20664 fprintf 78909->79395 79397 70a2034c _errno 78909->79397 79398 70a2087d fprintf 78909->79398 79402 70a20552 fprintf 78909->79402 79403 70a2023a _errno 78909->79403 79404 70a2076b fprintf 78909->79404 
79408 70a200fa _errno 78909->79408 79409 70a2062b fprintf 78909->79409 79415 70a20412 fprintf 78909->79415 79416 70a20519 fprintf 78909->79416 79417 70a1c59b _errno 78909->79417 79421 70a20300 fprintf 78909->79421 79423 70a1ffe8 _errno 78909->79423 79425 70a201c0 fprintf 78909->79425 79427 70a1fea8 _errno 78909->79427 79428 70a203d9 fprintf 78909->79428 79432 70a200ae fprintf 78909->79432 79433 70a1b956 _errno 78909->79433 79434 70a1fd96 _errno 78909->79434 79436 70a202c7 fprintf 78909->79436 79440 70a1d0c1 fprintf 78909->79440 79442 70a1fc56 _errno 78909->79442 79443 70a20187 fprintf 78909->79443 79448 70a1ff6e fprintf 78909->79448 79449 70a20075 fprintf 78909->79449 79453 70a1fe5c fprintf 78909->79453 79455 70a1fb44 _errno 78909->79455 79456 70a04230 7 API calls 78909->79456 79458 70a1fd1c fprintf 78909->79458 79460 70a1fa04 _errno 78909->79460 79462 70a1ff35 fprintf 78909->79462 79466 70a1fc0a fprintf 78909->79466 79467 70a1f8f2 _errno 78909->79467 79468 70a1fe23 fprintf 78909->79468 79472 70a1f7b2 _errno 78909->79472 79473 70a1fce3 fprintf 78909->79473 79478 70a1faca fprintf 78909->79478 79479 70a1fbd1 fprintf 78909->79479 79483 70a1f9b8 fprintf 78909->79483 79486 70a1f6a0 _errno 78909->79486 79488 70a1f878 fprintf 78909->79488 79489 70a1f560 _errno 78909->79489 79490 70a1fa91 fprintf 78909->79490 79495 70a1f766 fprintf 78909->79495 79496 70a1f44e _errno 78909->79496 79497 70a1f97f fprintf 78909->79497 79502 70a1f30e _errno 78909->79502 79503 70a1f83f fprintf 78909->79503 79508 70a1f626 fprintf 78909->79508 79509 70a1f72d fprintf 78909->79509 79513 70a1f514 fprintf 78909->79513 79515 70a1f1fc _errno 78909->79515 79517 70a1f3d4 fprintf 78909->79517 79518 70a1f0bc _errno 78909->79518 79520 70a1f5ed fprintf 78909->79520 79525 70a1f2c2 fprintf 78909->79525 79526 70a1efaa _errno 78909->79526 79527 70a1f4db fprintf 78909->79527 79531 70a1ee6a _errno 78909->79531 79532 70a1f39b fprintf 78909->79532 79537 70a1f182 fprintf 78909->79537 79539 70a1f289 fprintf 
78909->79539 79543 70a1f070 fprintf 78909->79543 79546 70a1ed58 _errno 78909->79546 79548 70a1ef30 fprintf 78909->79548 79549 70a1ec18 _errno 78909->79549 79550 70a1f149 fprintf 78909->79550 79556 70a1ee1e fprintf 78909->79556 79557 70a1eb06 _errno 78909->79557 79558 70a1f037 fprintf 78909->79558 79563 70a1e9c6 _errno 78909->79563 79564 70a1eef7 fprintf 78909->79564 79569 70a1ecde fprintf 78909->79569 79572 70a1ede5 fprintf 78909->79572 79577 70a1ebcc fprintf 78909->79577 79581 70a1ea8c fprintf 78909->79581 79583 70a1eca5 fprintf 78909->79583 79584 70a1e8b4 _errno 78909->79584 79591 70a1eb93 fprintf 78909->79591 79592 70a1e758 _errno 78909->79592 79595 70a1e97a fprintf 78909->79595 79596 70a1ea53 fprintf 78909->79596 79597 70a1e646 _errno 78909->79597 79602 70a1e4ce _errno 78909->79602 79608 70a1e81e fprintf 78909->79608 79609 70a1e941 fprintf 78909->79609 79613 70a1e70c fprintf 78909->79613 79614 70a1e3bc _errno 78909->79614 79615 70a1e594 fprintf 78909->79615 79616 70a1e7e5 fprintf 78909->79616 79620 70a1e482 fprintf 78909->79620 79621 70a1e6d3 fprintf 78909->79621 79622 70a1e244 _errno 78909->79622 79623 70a1e55b fprintf 78909->79623 79628 70a1e30a fprintf 78909->79628 79629 70a1e449 fprintf 78909->79629 79632 70a1e2d1 fprintf 78909->79632 78910->78909 78911->78901 78911->78909 78914->78909 78918 70a19cab GetProcAddress 78914->78918 78915->78952 78924 70a1a992 GetProcAddress 78916->78924 78917 70a1a788 fputc 78917->78901 78918->78909 78922 70a19cc0 GetProcAddress 78918->78922 78919 70a1b4c8 _errno 78919->78952 78922->78909 78926 70a19cd5 GetProcAddress 78922->78926 78928 70a1c753 _errno strerror fprintf 78923->78928 78929 70a1ae14 fprintf fprintf fputc fclose 78923->78929 78924->78909 78930 70a19cf1 GetProcAddress 78924->78930 78926->78924 78926->78930 78931 70a1c1f3 _errno strerror fprintf 78927->78931 78932 70a1a808 fprintf fputc fclose 78927->78932 78928->78909 78941 70a1ae78 fprintf 78929->78941 78936 70a19d0d GetProcAddress 78930->78936 78930->78952 
78931->78909 78942 70a1a85a fputc 78932->78942 78934->78909 78938 70a1c801 _errno strerror fprintf 78934->78938 78935->78909 78940 70a19d29 GetProcAddress 78936->78940 78936->78952 78944 70a1bc80 _errno strerror fprintf 78937->78944 78945 70a1aaad fprintf fprintf fputc fclose 78937->78945 78938->78952 78939->78909 78939->78952 78940->78909 78949 70a19d3e GetProcAddress 78940->78949 78953 70a1ae91 fputc 78941->78953 78942->78952 78943 70a1b76f _errno 78943->78952 78957 70a1c333 _errno strerror fprintf 78943->78957 78977 70a1bca0 fprintf 78944->78977 78972 70a1ab11 fprintf 78945->78972 78965 70a1c1d3 _errno strerror fprintf 78946->78965 78947 70a04a00 48 API calls 78959 70a1b3cc free 78947->78959 78948 70a1b087 _errno 78948->78901 78997 70a1b0a4 78948->78997 78949->78952 78960 70a19d5a GetProcAddress 78949->78960 78961 70a1ac50 fprintf fprintf fputc fclose 78950->78961 78962 70a1bf0b _errno strerror fprintf 78950->78962 78964 70a1ad20 fprintf fprintf fputc fclose 78951->78964 78951->78965 78952->78901 78952->78909 78952->78911 78952->78919 78952->78939 78952->78943 78952->78947 78952->78948 78952->78966 79003 70a1cf97 _errno 78952->79003 79035 70a1b417 _time64 78952->79035 79073 70a1b82f _errno 78952->79073 79203 70a1d91b GetProcAddress 78952->79203 79286 70a1a569 _time64 srand 78952->79286 79320 70a2d860 2 API calls 78952->79320 79412 70a2d470 10 API calls 78952->79412 79498 70a05fd0 103 API calls 78952->79498 79519 70a1b7f0 free 78952->79519 79533 70a1b238 free 78952->79533 79565 70a1b277 _errno 78952->79565 79575 70a0a420 55 API calls 78952->79575 79588 70a1b216 memcpy free 78952->79588 79639 70a2dcd0 78952->79639 79653 70a2da40 78952->79653 79667 70a2d5c0 78952->79667 79681 70a2d710 78952->79681 79695 70a70be0 78952->79695 79704 70a04a00 78952->79704 79828 70a04230 7 API calls 78952->79828 78953->78911 78954->78909 78970 70a1cf6a _errno strerror fprintf 78955->78970 78971 70a1a9ee fprintf fprintf fputc fclose 78955->78971 78984 70a1c7aa _errno strerror fprintf 
78956->78984 78957->78909 78958->78952 79805 70a0da10 78959->79805 78960->78952 78976 70a19d6f GetProcAddress GetProcAddress 78960->78976 78979 70a1acb4 fprintf 78961->78979 78962->78909 78963->78909 78980 70a1c100 _errno strerror fprintf 78963->78980 78989 70a1ad84 fprintf 78964->78989 78965->78931 78966->78909 78967->78909 78968->78952 78969->78952 78970->78952 78992 70a1aa52 fprintf 78971->78992 78993 70a1ab2a fputc 78972->78993 78973->78909 78985 70a1ab80 fprintf fprintf fputc fclose 78975->78985 78986 70a1c4b7 _errno strerror fprintf 78975->78986 78976->78952 78987 70a19d98 GetProcAddress GetProcAddress 78976->78987 78977->78917 79000 70a1accd fputc 78979->79000 78980->78909 78981->78952 78982->78909 78990 70a1c5e2 _errno strerror fprintf 78982->78990 78983->78952 78984->78909 79008 70a1abe4 fprintf 78985->79008 78986->78909 78987->78909 78995 70a19dc1 GetProcAddress GetProcAddress 78987->78995 78988->78909 79013 70a1ad9d fputc 78989->79013 78990->78909 79004 70a1b631 _errno strerror fprintf 78991->79004 79005 70a1b64c fprintf fprintf fputc fclose 78991->79005 79016 70a1aa6b fputc 78992->79016 78993->78952 79021 70a1cd26 _errno strerror fprintf 78994->79021 78995->78909 79009 70a19df1 GetProcAddress 78995->79009 78998 70a1b0c3 _errno 78997->78998 79012 70a1b4fe fprintf 78997->79012 79825 70a04230 7 API calls 78997->79825 78998->78958 79010 70a1b0d1 fprintf fputc fclose 78998->79010 78999->78952 79000->78911 79026 70a1b1df fputc 79001->79026 79002->78909 79003->78901 79064 70a1cfdd 79003->79064 79004->79005 79028 70a1b6b0 fprintf 79005->79028 79006->78909 79019 70a1c877 fprintf fprintf fputc fclose 79007->79019 79020 70a1c85c _errno strerror fprintf 79007->79020 79036 70a1abfd fputc 79008->79036 79009->78909 79022 70a19e0d GetProcAddress 79009->79022 79040 70a1b11d fputc 79010->79040 79023 70a1b890 fprintf fprintf fputc fclose 79011->79023 79024 70a1cadc _errno strerror fprintf 79011->79024 79012->78952 79013->78911 79014->78952 79015->78957 79016->78911 79029 
70a1cc91 _errno strerror fprintf 79017->79029 79030 70a1af64 fprintf fprintf fputc fclose 79017->79030 79018->78909 79031 70a1cb33 _errno strerror fprintf 79018->79031 79053 70a1c8db fprintf 79019->79053 79020->79019 79021->78952 79022->78909 79039 70a19e29 GetProcAddress 79022->79039 79042 70a1b8f4 fprintf 79023->79042 79024->78909 79061 70a1c18a fputc 79025->79061 79026->78952 79027->79021 79044 70a1c27b fprintf fprintf fputc fclose 79027->79044 79065 70a1b6c9 fputc 79028->79065 79029->78909 79069 70a1afc8 fprintf 79030->79069 79031->78909 79032->78938 79033->78909 79050 70a1ca85 _errno strerror fprintf 79033->79050 79051 70a1bbd1 _errno strerror fprintf 79034->79051 79052 70a1bbec fprintf fprintf fputc fclose 79034->79052 79827 70a098a0 19 API calls 79035->79827 79036->78911 79037->78952 79038->78909 79039->78952 79056 70a19e3e GetProcAddress 79039->79056 79040->78901 79059 70a21921 _errno strerror fprintf 79041->79059 79060 70a1d1f4 fprintf fprintf fputc fclose 79041->79060 79076 70a1b90d fputc 79042->79076 79080 70a1b5df fputc 79043->79080 79082 70a1c2d8 fprintf 79044->79082 79066 70a1d13a _errno strerror fprintf 79046->79066 79067 70a1be7c fprintf fprintf fputc fclose 79046->79067 79047->78928 79048->78909 79068 70a1bb03 _errno strerror fprintf 79048->79068 79049->78909 79050->78909 79051->79052 79085 70a1bc50 fprintf 79052->79085 79088 70a1c8f4 fputc 79053->79088 79055->78909 79056->78952 79058 70a19e53 GetProcAddress 79056->79058 79057->78909 79058->78909 79074 70a19e6f GetProcAddress 79058->79074 79093 70a21941 _errno strerror fprintf 79059->79093 79090 70a1d251 fprintf 79060->79090 79061->78952 79077 70a1c9f6 fprintf fprintf fputc fclose 79062->79077 79078 70a1d83b _errno strerror fprintf 79062->79078 79063->78909 79079 70a1ce25 _errno strerror fprintf 79063->79079 79829 70a04230 7 API calls 79064->79829 79065->78911 79066->78909 79097 70a1bee0 fprintf 79067->79097 79068->78909 79098 70a1afe1 fputc 79069->79098 79070->78909 79071->78909 79086 70a1c035 
fprintf fprintf fputc fclose 79072->79086 79087 70a1c01a _errno strerror fprintf 79072->79087 79073->78952 79074->78952 79089 70a19e84 GetProcAddress 79074->79089 79075->78909 79076->78911 79106 70a1ca5a fprintf 79077->79106 79078->78909 79079->78952 79080->78919 79081->79031 79111 70a1c2ea fputc 79082->79111 79099 70a1d375 _errno strerror fprintf 79084->79099 79100 70a1c408 fprintf fprintf fputc fclose 79084->79100 79114 70a1bc69 fputc 79085->79114 79115 70a1c099 fprintf 79086->79115 79087->79086 79088->78911 79089->78909 79104 70a19ea0 GetProcAddress 79089->79104 79118 70a1d263 fputc 79090->79118 79107 70a1d4fa _errno strerror fprintf 79091->79107 79108 70a1c64f fprintf fprintf fputc fclose 79091->79108 79122 70a1ba6f fputc 79092->79122 79093->78909 79094->78909 79095->78909 79096 70a1cff0 79112 70a1cffc _errno 79096->79112 79113 70a1d07f fprintf 79096->79113 79125 70a1bef9 fputc 79097->79125 79098->78911 79099->78909 79127 70a1c46c fprintf 79100->79127 79101->78909 79102->78901 79103->78909 79104->78909 79117 70a19eb5 GetProcAddress 79104->79117 79105->78909 79119 70a1c906 _errno strerror fprintf 79105->79119 79133 70a1ca73 fputc 79106->79133 79141 70a1d51a _errno strerror fprintf 79107->79141 79136 70a1c6b3 fprintf 79108->79136 79109->78970 79110->78909 79121 70a1be0e _errno strerror fprintf 79110->79121 79111->78909 79123 70a1d021 fprintf fputc fclose 79112->79123 79124 70a1d006 _errno strerror fprintf 79112->79124 79137 70a1d061 fputc 79113->79137 79114->78911 79142 70a1c0b2 fputc 79115->79142 79128 70a1cd81 _errno strerror fprintf 79116->79128 79129 70a1cd9c fprintf fprintf fputc fclose 79116->79129 79117->78952 79130 70a19ed1 GetProcAddress 79117->79130 79118->78909 79119->78909 79134 70a1e017 _errno strerror fprintf 79120->79134 79135 70a1d76e fprintf fprintf fputc fclose 79120->79135 79121->78909 79122->78952 79123->79137 79124->79123 79125->78911 79126->79066 79153 70a1c485 fputc 79127->79153 79128->79129 79143 70a1cdfc fprintf 79129->79143 79130->78909 
79144 70a19eed GetProcAddress 79130->79144 79131->78952 79132->78909 79133->78911 79134->78909 79158 70a1d7d2 fprintf 79135->79158 79159 70a1c6cc fputc 79136->79159 79137->78901 79151 70a1cbe2 fprintf fprintf fputc fclose 79138->79151 79152 70a1cbc7 _errno strerror fprintf 79138->79152 79140->79107 79141->78909 79142->78911 79164 70a1ce13 fputc 79143->79164 79144->78952 79154 70a19f02 GetProcAddress 79144->79154 79155 70a1ce82 _errno strerror fprintf 79145->79155 79156 70a1ce9d fprintf fprintf fputc fclose 79145->79156 79167 70a1e075 GetProcAddress 79146->79167 79147->78909 79148->78909 79160 70a1db74 _errno strerror fprintf 79149->79160 79161 70a1d88c fprintf fprintf fputc fclose 79149->79161 79150->79093 79162 70a1d434 fprintf fprintf fputc fclose 79150->79162 79170 70a1cc46 fprintf 79151->79170 79152->79151 79153->78911 79154->78909 79165 70a19f1e GetProcAddress 79154->79165 79155->79156 79175 70a1cf01 fprintf 79156->79175 79168 70a1dd26 _errno strerror fprintf 79157->79168 79169 70a1d2cd fprintf fprintf fputc fclose 79157->79169 79176 70a1d7eb fputc 79158->79176 79159->78911 79160->78909 79178 70a1d8f0 fprintf 79161->79178 79179 70a1d498 fprintf 79162->79179 79164->78901 79165->78909 79172 70a19f3a GetProcAddress 79165->79172 79166->78952 79173 70a1e091 GetProcAddress 79167->79173 79174 70a1a4b9 GetProcAddress 79167->79174 79182 70a1dd46 GetProcAddress 79168->79182 79181 70a1d331 fprintf 79169->79181 79183 70a1cc5f fputc 79170->79183 79171->78952 79172->78952 79180 70a19f56 GetProcAddress 79172->79180 79173->78909 79173->79174 79174->79184 79185 70a1a4d5 GetProcAddress 79174->79185 79187 70a1cf1a fputc 79175->79187 79176->78911 79177->79078 79191 70a1d909 fputc 79178->79191 79192 70a1d4b1 fputc 79179->79192 79180->78909 79186 70a19f72 GetProcAddress 79180->79186 79195 70a1d34a fputc 79181->79195 79182->78909 79183->78911 79184->79185 79190 70a1dd8d GetProcAddress 79184->79190 79185->78952 79185->79182 79186->78909 79194 70a19f8e GetProcAddress 79186->79194 
79187->78911 79196 70a1dc41 _errno strerror fprintf 79188->79196 79197 70a1dc5c fprintf fprintf fputc fclose 79188->79197 79198 70a219e7 fprintf fprintf fputc fclose 79189->79198 79199 70a219cc _errno strerror fprintf 79189->79199 79190->79185 79200 70a1dda9 GetProcAddress 79190->79200 79191->78911 79192->78911 79201 70a1d5e7 fprintf fprintf fputc fclose 79193->79201 79202 70a1d5cc _errno strerror fprintf 79193->79202 79194->78909 79204 70a19faa GetProcAddress 79194->79204 79195->78911 79196->79197 79197->78909 79198->78909 79199->79198 79200->78909 79200->79185 79212 70a1d64b fprintf 79201->79212 79202->79201 79203->78909 79203->78952 79204->78909 79208 70a19fc6 GetProcAddress 79204->79208 79209 70a21d64 fprintf fprintf fputc fclose 79205->79209 79210 70a21d49 _errno strerror fprintf 79205->79210 79206->78909 79207->78909 79208->78909 79213 70a19fdb GetProcAddress 79208->79213 79209->78909 79210->79209 79215 70a1e140 _errno strerror fprintf 79211->79215 79216 70a1e15b fprintf fprintf fputc fclose 79211->79216 79221 70a1d664 fputc 79212->79221 79213->78909 79222 70a19ff7 GetProcAddress 79213->79222 79233 70a1dcd9 fputc 79214->79233 79215->79216 79216->78909 79217->78909 79236 70a21a64 fputc 79218->79236 79225 70a1d998 fprintf fprintf fputc fclose 79219->79225 79226 70a1d97d _errno strerror fprintf 79219->79226 79227 70a1df32 _errno strerror fprintf 79220->79227 79228 70a1df4d fprintf fprintf fputc fclose 79220->79228 79221->78911 79222->78909 79231 70a1a00c GetProcAddress 79222->79231 79234 70a21e76 fprintf fprintf fputc fclose 79223->79234 79235 70a21e5b _errno strerror fprintf 79223->79235 79224->78909 79225->78909 79226->79225 79227->79228 79228->78909 79239 70a21c39 fprintf fprintf fputc fclose 79229->79239 79240 70a21c1e _errno strerror fprintf 79229->79240 79230->78909 79231->78909 79241 70a1a021 GetProcAddress 79231->79241 79252 70a21de1 fputc 79232->79252 79233->78911 79234->78909 79235->79234 79236->78911 79244 70a1de20 _errno strerror fprintf 79237->79244 
79245 70a1de3b fprintf fprintf fputc fclose 79237->79245 79238->78909 79239->78909 79240->79239 79241->78909 79251 70a1a03d GetProcAddress 79241->79251 79263 70a1e1d8 fputc 79242->79263 79243->78909 79244->79245 79245->78909 79254 70a21b27 fprintf fprintf fputc fclose 79246->79254 79255 70a21b0c _errno strerror fprintf 79246->79255 79257 70a1daaa fprintf fprintf fputc fclose 79247->79257 79258 70a1da8f _errno strerror fprintf 79247->79258 79267 70a1dfca fputc 79248->79267 79249->78909 79260 70a21857 fprintf fprintf fputc fclose 79250->79260 79261 70a2183c _errno strerror fprintf 79250->79261 79251->78909 79262 70a1a059 GetProcAddress 79251->79262 79252->78911 79273 70a1da15 fputc 79253->79273 79254->78909 79255->79254 79256->78909 79257->78909 79258->79257 79259->78909 79260->78909 79261->79260 79262->78909 79270 70a1a075 GetProcAddress 79262->79270 79263->78911 79280 70a21ef3 fputc 79264->79280 79265->78909 79274 70a21745 fprintf fprintf fputc fclose 79266->79274 79275 70a2172a _errno strerror fprintf 79266->79275 79267->78911 79284 70a21cb6 fputc 79268->79284 79269->78909 79270->78909 79278 70a1a091 GetProcAddress 79270->79278 79281 70a21605 fprintf fprintf fputc fclose 79271->79281 79282 70a215ea _errno strerror fprintf 79271->79282 79292 70a1deb8 fputc 79272->79292 79273->78911 79274->78909 79275->79274 79294 70a1db27 fputc 79276->79294 79277->78909 79278->78909 79288 70a1a0ad GetProcAddress 79278->79288 79289 70a214f3 fprintf fprintf fputc fclose 79279->79289 79290 70a214d8 _errno strerror fprintf 79279->79290 79280->78911 79281->78909 79282->79281 79300 70a21ba4 fputc 79283->79300 79284->78911 79295 70a213b3 fprintf fprintf fputc fclose 79285->79295 79296 70a21398 _errno strerror fprintf 79285->79296 79634 70a2d860 79286->79634 79302 70a218d4 fputc 79287->79302 79288->78909 79298 70a1a0c9 GetProcAddress 79288->79298 79289->78909 79290->79289 79291->78909 79292->78911 79310 70a217c2 fputc 79293->79310 79294->78911 79295->78909 79296->79295 79298->78909 79304 
70a1a0e5 GetProcAddress 79298->79304 79299->78909 79300->78911 79308 70a212a1 fprintf fprintf fputc fclose 79301->79308 79309 70a21286 _errno strerror fprintf 79301->79309 79302->78911 79303->78909 79304->78909 79312 70a1a101 GetProcAddress 79304->79312 79305->78909 79315 70a1b71e _errno strerror fprintf 79305->79315 79316 70a21161 fprintf fprintf fputc fclose 79306->79316 79317 70a21146 _errno strerror fprintf 79306->79317 79324 70a21682 fputc 79307->79324 79308->78909 79309->79308 79310->78911 79311->78909 79312->78909 79321 70a1a116 GetProcAddress 79312->79321 79322 70a21034 _errno strerror fprintf 79313->79322 79323 70a2104f fprintf fprintf fputc fclose 79313->79323 79330 70a21570 fputc 79314->79330 79315->78909 79316->78909 79317->79316 79327 70a20ef4 _errno strerror fprintf 79318->79327 79328 70a20f0f fprintf fprintf fputc fclose 79318->79328 79333 70a21430 fputc 79319->79333 79320->78952 79321->78909 79329 70a1a132 GetProcAddress 79321->79329 79322->79323 79323->78909 79324->78911 79325->78909 79340 70a2131e fputc 79326->79340 79327->79328 79328->78909 79329->78909 79335 70a1a14e GetProcAddress 79329->79335 79330->78911 79331->78909 79338 70a20de2 _errno strerror fprintf 79332->79338 79339 70a20dfd fprintf fprintf fputc fclose 79332->79339 79333->78911 79334->78909 79335->78909 79344 70a1a16a GetProcAddress 79335->79344 79346 70a20ca2 _errno strerror fprintf 79336->79346 79347 70a20cbd fprintf fprintf fputc fclose 79336->79347 79353 70a211de fputc 79337->79353 79338->79339 79339->78909 79340->78911 79341->78909 79350 70a20b90 _errno strerror fprintf 79343->79350 79351 70a20bab fprintf fprintf fputc fclose 79343->79351 79344->78909 79352 70a1a186 GetProcAddress 79344->79352 79359 70a210cc fputc 79345->79359 79346->79347 79347->78909 79356 70a20a50 _errno strerror fprintf 79348->79356 79357 70a20a6b fprintf fprintf fputc fclose 79348->79357 79363 70a20f8c fputc 79349->79363 79350->79351 79351->78909 79352->78909 79358 70a1a1a2 GetProcAddress 79352->79358 
79353->78911 79354->78909 79371 70a20e7a fputc 79355->79371 79356->79357 79357->78909 79358->78909 79366 70a1a1be GetProcAddress 79358->79366 79359->78911 79360->78909 79369 70a20959 fprintf fprintf fputc fclose 79361->79369 79370 70a2093e _errno strerror fprintf 79361->79370 79362->78909 79372 70a1c545 _errno strerror fprintf 79362->79372 79363->78911 79364->78909 79366->78909 79376 70a1a1d3 GetProcAddress 79366->79376 79377 70a20819 fprintf fprintf fputc fclose 79367->79377 79378 70a207fe _errno strerror fprintf 79367->79378 79384 70a20d3a fputc 79368->79384 79369->78909 79370->79369 79371->78911 79372->78952 79373->78909 79381 70a20707 fprintf fprintf fputc fclose 79374->79381 79382 70a206ec _errno strerror fprintf 79374->79382 79390 70a20c28 fputc 79375->79390 79376->78909 79383 70a1a1e8 GetProcAddress 79376->79383 79377->78909 79378->79377 79387 70a205c7 fprintf fprintf fputc fclose 79379->79387 79388 70a205ac _errno strerror fprintf 79379->79388 79394 70a20ae8 fputc 79380->79394 79381->78909 79382->79381 79383->78909 79391 70a1a204 GetProcAddress 79383->79391 79384->78911 79385->78909 79401 70a209d6 fputc 79386->79401 79387->78909 79388->79387 79389->78909 79389->78984 79390->78911 79391->78909 79396 70a1a220 GetProcAddress 79391->79396 79392->78909 79399 70a204b5 fprintf fprintf fputc fclose 79393->79399 79400 70a2049a _errno strerror fprintf 79393->79400 79394->78911 79395->78909 79396->78909 79405 70a1a23c GetProcAddress 79396->79405 79406 70a20375 fprintf fprintf fputc fclose 79397->79406 79407 70a2035a _errno strerror fprintf 79397->79407 79414 70a20896 fputc 79398->79414 79399->78909 79400->79399 79401->78911 79402->78909 79410 70a20263 fprintf fprintf fputc fclose 79403->79410 79411 70a20248 _errno strerror fprintf 79403->79411 79420 70a20784 fputc 79404->79420 79405->78909 79413 70a1a258 GetProcAddress 79405->79413 79406->78909 79407->79406 79418 70a20123 fprintf fprintf fputc fclose 79408->79418 79419 70a20108 _errno strerror fprintf 79408->79419 
80757->80608 80758->80594 80759->80597 80760->80612 80762 7ff6ab56a530 80761->80762 80762->80617 80762->80762 80765 7ff6ab55f4f0 80763->80765 80766 7ff6ab55f596 80765->80766 80768 7ff6ab55f543 80765->80768 80906 7ff6ab55f3c8 71 API calls _fread_nolock 80766->80906 80905 7ff6ab55a884 37 API calls 2 library calls 80768->80905 80769 7ff6ab55f56c 80769->80621 80907 7ff6ab54c8c0 80770->80907 80773 7ff6ab5436eb GetLastError 80914 7ff6ab542c50 51 API calls _log10_special 80773->80914 80774 7ff6ab543710 80909 7ff6ab5492f0 FindFirstFileExW 80774->80909 80778 7ff6ab54377d 80917 7ff6ab5494b0 WideCharToMultiByte WideCharToMultiByte __std_exception_copy 80778->80917 80779 7ff6ab543723 80915 7ff6ab549370 CreateFileW GetFinalPathNameByHandleW CloseHandle 80779->80915 80781 7ff6ab54c5c0 _log10_special 8 API calls 80783 7ff6ab5437b5 80781->80783 80783->80704 80792 7ff6ab541950 80783->80792 80784 7ff6ab543730 80787 7ff6ab54374c __vcrt_InitializeCriticalSectionEx 80784->80787 80788 7ff6ab543734 80784->80788 80785 7ff6ab54378b 80786 7ff6ab543706 80785->80786 80918 7ff6ab542810 49 API calls _log10_special 80785->80918 80786->80781 80787->80778 80916 7ff6ab542810 49 API calls _log10_special 80788->80916 80791 7ff6ab543745 80791->80786 80793 7ff6ab5445b0 108 API calls 80792->80793 80794 7ff6ab541985 80793->80794 80795 7ff6ab541c43 80794->80795 80796 7ff6ab547f80 83 API calls 80794->80796 80797 7ff6ab54c5c0 _log10_special 8 API calls 80795->80797 80798 7ff6ab5419cb 80796->80798 80799 7ff6ab541c5e 80797->80799 80800 7ff6ab550744 73 API calls 80798->80800 80841 7ff6ab541a03 80798->80841 80799->80627 80799->80628 80802 7ff6ab5419e5 80800->80802 80801 7ff6ab5500bc 74 API calls 80801->80795 80803 7ff6ab5419e9 80802->80803 80804 7ff6ab541a08 80802->80804 80919 7ff6ab554f78 11 API calls _get_daylight 80803->80919 80806 7ff6ab55040c _fread_nolock 53 API calls 80804->80806 80808 7ff6ab541a20 80806->80808 80807 7ff6ab5419ee 80920 7ff6ab542910 54 API calls _log10_special 80807->80920 80810 
7ff6ab541a26 80808->80810 80811 7ff6ab541a45 80808->80811 80921 7ff6ab554f78 11 API calls _get_daylight 80810->80921 80815 7ff6ab541a5c 80811->80815 80816 7ff6ab541a7b 80811->80816 80813 7ff6ab541a2b 80922 7ff6ab542910 54 API calls _log10_special 80813->80922 80923 7ff6ab554f78 11 API calls _get_daylight 80815->80923 80818 7ff6ab541c80 49 API calls 80816->80818 80820 7ff6ab541a92 80818->80820 80819 7ff6ab541a61 80924 7ff6ab542910 54 API calls _log10_special 80819->80924 80822 7ff6ab541c80 49 API calls 80820->80822 80823 7ff6ab541add 80822->80823 80824 7ff6ab550744 73 API calls 80823->80824 80825 7ff6ab541b01 80824->80825 80826 7ff6ab541b16 80825->80826 80827 7ff6ab541b35 80825->80827 80925 7ff6ab554f78 11 API calls _get_daylight 80826->80925 80829 7ff6ab55040c _fread_nolock 53 API calls 80827->80829 80831 7ff6ab541b4a 80829->80831 80830 7ff6ab541b1b 80926 7ff6ab542910 54 API calls _log10_special 80830->80926 80833 7ff6ab541b50 80831->80833 80834 7ff6ab541b6f 80831->80834 80927 7ff6ab554f78 11 API calls _get_daylight 80833->80927 80929 7ff6ab550180 37 API calls 2 library calls 80834->80929 80837 7ff6ab541b89 80837->80841 80930 7ff6ab542710 54 API calls _log10_special 80837->80930 80838 7ff6ab541b55 80928 7ff6ab542910 54 API calls _log10_special 80838->80928 80841->80801 80843 7ff6ab548a2a 80842->80843 80844 7ff6ab549400 2 API calls 80843->80844 80845 7ff6ab548a49 GetEnvironmentVariableW 80844->80845 80846 7ff6ab548a66 ExpandEnvironmentStringsW 80845->80846 80847 7ff6ab548ab2 80845->80847 80846->80847 80848 7ff6ab548a88 80846->80848 80849 7ff6ab54c5c0 _log10_special 8 API calls 80847->80849 80931 7ff6ab5494b0 WideCharToMultiByte WideCharToMultiByte __std_exception_copy 80848->80931 80851 7ff6ab548ac4 80849->80851 80851->80637 80852 7ff6ab548a9a 80853 7ff6ab54c5c0 _log10_special 8 API calls 80852->80853 80854 7ff6ab548aaa 80853->80854 80854->80637 80932 7ff6ab546350 80855->80932 80868->80645 80870 7ff6ab547fa4 80869->80870 80871 7ff6ab550744 73 API calls 80870->80871 
80876 7ff6ab54807b __std_exception_copy 80870->80876 80872 7ff6ab547fc0 80871->80872 80872->80876 81064 7ff6ab557938 80872->81064 80874 7ff6ab550744 73 API calls 80877 7ff6ab547fd5 80874->80877 80875 7ff6ab55040c _fread_nolock 53 API calls 80875->80877 80876->80639 80877->80874 80877->80875 80877->80876 80878->80704 80879->80704 80880->80649 80881->80652 80882->80657 80883->80660 80884->80677 80885->80704 80886->80678 80887->80704 80888->80688 80889->80704 80890->80676 80892 7ff6ab541c80 49 API calls 80891->80892 80893 7ff6ab544650 80892->80893 80893->80697 80894->80730 80895->80734 80901->80703 80902->80711 80905->80769 80906->80769 80908 7ff6ab5436bc GetModuleFileNameW 80907->80908 80908->80773 80908->80774 80910 7ff6ab54932f FindClose 80909->80910 80911 7ff6ab549342 80909->80911 80910->80911 80912 7ff6ab54c5c0 _log10_special 8 API calls 80911->80912 80913 7ff6ab54371a 80912->80913 80913->80778 80913->80779 80914->80786 80915->80784 80916->80791 80917->80785 80918->80786 80919->80807 80920->80841 80921->80813 80922->80841 80923->80819 80924->80841 80925->80830 80926->80841 80927->80838 80928->80841 80929->80837 80930->80841 80931->80852 80933 7ff6ab546365 80932->80933 80934 7ff6ab541c80 49 API calls 80933->80934 80935 7ff6ab5463a1 80934->80935 81065 7ff6ab557968 81064->81065 81068 7ff6ab557444 81065->81068 81067 7ff6ab557981 81067->80877 81069 7ff6ab55748e 81068->81069 81070 7ff6ab55745f 81068->81070 81078 7ff6ab5554dc EnterCriticalSection 81069->81078 81079 7ff6ab55a884 37 API calls 2 library calls 81070->81079 81077 7ff6ab55747f 81077->81067 81079->81077 78273 7ff6ab55f9fc 78274 7ff6ab55fbee 78273->78274 78277 7ff6ab55fa3e _isindst 78273->78277 78320 7ff6ab554f78 11 API calls _get_daylight 78274->78320 78276 7ff6ab55fbde 78321 7ff6ab54c5c0 78276->78321 78277->78274 78280 7ff6ab55fabe _isindst 78277->78280 78294 7ff6ab566204 78280->78294 78285 7ff6ab55fc1a 78330 7ff6ab55a970 IsProcessorFeaturePresent 78285->78330 78292 7ff6ab55fb1b 78292->78276 78319 
7ff6ab566248 37 API calls _isindst 78292->78319 78295 7ff6ab566213 78294->78295 78296 7ff6ab55fadc 78294->78296 78334 7ff6ab560348 EnterCriticalSection 78295->78334 78301 7ff6ab565608 78296->78301 78302 7ff6ab565611 78301->78302 78306 7ff6ab55faf1 78301->78306 78335 7ff6ab554f78 11 API calls _get_daylight 78302->78335 78304 7ff6ab565616 78336 7ff6ab55a950 37 API calls _invalid_parameter_noinfo 78304->78336 78306->78285 78307 7ff6ab565638 78306->78307 78308 7ff6ab565641 78307->78308 78312 7ff6ab55fb02 78307->78312 78337 7ff6ab554f78 11 API calls _get_daylight 78308->78337 78310 7ff6ab565646 78338 7ff6ab55a950 37 API calls _invalid_parameter_noinfo 78310->78338 78312->78285 78313 7ff6ab565668 78312->78313 78314 7ff6ab565671 78313->78314 78316 7ff6ab55fb13 78313->78316 78339 7ff6ab554f78 11 API calls _get_daylight 78314->78339 78316->78285 78316->78292 78317 7ff6ab565676 78340 7ff6ab55a950 37 API calls _invalid_parameter_noinfo 78317->78340 78319->78276 78320->78276 78324 7ff6ab54c5c9 78321->78324 78322 7ff6ab54c950 IsProcessorFeaturePresent 78325 7ff6ab54c968 78322->78325 78323 7ff6ab54c5d4 78324->78322 78324->78323 78341 7ff6ab54cb48 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 78325->78341 78327 7ff6ab54c97b 78342 7ff6ab54c910 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 78327->78342 78331 7ff6ab55a983 78330->78331 78343 7ff6ab55a684 14 API calls 3 library calls 78331->78343 78333 7ff6ab55a99e GetCurrentProcess TerminateProcess 78335->78304 78336->78306 78337->78310 78338->78312 78339->78317 78340->78316 78341->78327 78343->78333 78344 7ff6ab555698 78345 7ff6ab5556b2 78344->78345 78346 7ff6ab5556cf 78344->78346 78395 7ff6ab554f58 11 API calls _get_daylight 78345->78395 78346->78345 78348 7ff6ab5556e2 CreateFileW 78346->78348 78349 7ff6ab55574c 78348->78349 78350 7ff6ab555716 78348->78350 78398 7ff6ab555c74 46 API calls 3 library calls 78349->78398 78369 7ff6ab5557ec GetFileType 78350->78369 78351 7ff6ab5556b7 
78396 7ff6ab554f78 11 API calls _get_daylight 78351->78396 78356 7ff6ab555751 78360 7ff6ab555755 78356->78360 78361 7ff6ab555780 78356->78361 78357 7ff6ab5556bf 78397 7ff6ab55a950 37 API calls _invalid_parameter_noinfo 78357->78397 78358 7ff6ab55572b CloseHandle 78363 7ff6ab5556ca 78358->78363 78359 7ff6ab555741 CloseHandle 78359->78363 78399 7ff6ab554eec 11 API calls 2 library calls 78360->78399 78400 7ff6ab555a34 78361->78400 78368 7ff6ab55575f 78368->78363 78370 7ff6ab55583a 78369->78370 78371 7ff6ab5558f7 78369->78371 78374 7ff6ab555866 GetFileInformationByHandle 78370->78374 78418 7ff6ab555b70 21 API calls _fread_nolock 78370->78418 78372 7ff6ab5558ff 78371->78372 78373 7ff6ab555921 78371->78373 78375 7ff6ab555912 GetLastError 78372->78375 78376 7ff6ab555903 78372->78376 78378 7ff6ab555944 PeekNamedPipe 78373->78378 78393 7ff6ab5558e2 78373->78393 78374->78375 78377 7ff6ab55588f 78374->78377 78421 7ff6ab554eec 11 API calls 2 library calls 78375->78421 78420 7ff6ab554f78 11 API calls _get_daylight 78376->78420 78381 7ff6ab555a34 51 API calls 78377->78381 78378->78393 78384 7ff6ab55589a 78381->78384 78383 7ff6ab555854 78383->78374 78383->78393 78411 7ff6ab555994 78384->78411 78385 7ff6ab54c5c0 _log10_special 8 API calls 78387 7ff6ab555724 78385->78387 78387->78358 78387->78359 78389 7ff6ab555994 10 API calls 78390 7ff6ab5558b9 78389->78390 78391 7ff6ab555994 10 API calls 78390->78391 78392 7ff6ab5558ca 78391->78392 78392->78393 78419 7ff6ab554f78 11 API calls _get_daylight 78392->78419 78393->78385 78395->78351 78396->78357 78397->78363 78398->78356 78399->78368 78402 7ff6ab555a5c 78400->78402 78401 7ff6ab55578d 78410 7ff6ab555b70 21 API calls _fread_nolock 78401->78410 78402->78401 78422 7ff6ab55f794 51 API calls 2 library calls 78402->78422 78404 7ff6ab555af0 78404->78401 78423 7ff6ab55f794 51 API calls 2 library calls 78404->78423 78406 7ff6ab555b03 78406->78401 78424 7ff6ab55f794 51 API calls 2 library calls 78406->78424 78408 7ff6ab555b16 78408->78401 78425 
7ff6ab55f794 51 API calls 2 library calls 78408->78425 78410->78368 78412 7ff6ab5559bd FileTimeToSystemTime 78411->78412 78413 7ff6ab5559b0 78411->78413 78414 7ff6ab5559d1 SystemTimeToTzSpecificLocalTime 78412->78414 78415 7ff6ab5559b8 78412->78415 78413->78412 78413->78415 78414->78415 78416 7ff6ab54c5c0 _log10_special 8 API calls 78415->78416 78417 7ff6ab5558a9 78416->78417 78417->78389 78418->78383 78419->78393 78420->78393 78421->78393 78422->78404 78423->78406 78424->78408 78425->78401 78426 7ff6ab542fe0 78427 7ff6ab542ff0 78426->78427 78428 7ff6ab54302b 78427->78428 78429 7ff6ab543041 78427->78429 78488 7ff6ab542710 54 API calls _log10_special 78428->78488 78431 7ff6ab543061 78429->78431 78441 7ff6ab543077 __std_exception_copy 78429->78441 78489 7ff6ab542710 54 API calls _log10_special 78431->78489 78433 7ff6ab54c5c0 _log10_special 8 API calls 78434 7ff6ab5431fa 78433->78434 78436 7ff6ab543349 78496 7ff6ab542710 54 API calls _log10_special 78436->78496 78439 7ff6ab543333 78495 7ff6ab542710 54 API calls _log10_special 78439->78495 78441->78436 78441->78439 78442 7ff6ab54330d 78441->78442 78444 7ff6ab543207 78441->78444 78453 7ff6ab543037 __std_exception_copy 78441->78453 78454 7ff6ab541470 78441->78454 78484 7ff6ab541c80 78441->78484 78494 7ff6ab542710 54 API calls _log10_special 78442->78494 78445 7ff6ab543273 78444->78445 78490 7ff6ab55a474 37 API calls 2 library calls 78444->78490 78447 7ff6ab543290 78445->78447 78448 7ff6ab54329e 78445->78448 78491 7ff6ab55a474 37 API calls 2 library calls 78447->78491 78492 7ff6ab542dd0 37 API calls 78448->78492 78451 7ff6ab54329c 78493 7ff6ab542500 54 API calls __std_exception_copy 78451->78493 78453->78433 78497 7ff6ab5445b0 78454->78497 78457 7ff6ab5414bc 78507 7ff6ab550744 78457->78507 78458 7ff6ab54149b 78537 7ff6ab542710 54 API calls _log10_special 78458->78537 78461 7ff6ab5414ab 78461->78441 78462 7ff6ab5414d1 78463 7ff6ab5414d5 78462->78463 78465 7ff6ab5414f8 78462->78465 78538 7ff6ab554f78 11 API calls 
_get_daylight 78463->78538 78467 7ff6ab541508 78465->78467 78468 7ff6ab541532 78465->78468 78466 7ff6ab5414da 78539 7ff6ab542910 54 API calls _log10_special 78466->78539 78540 7ff6ab554f78 11 API calls _get_daylight 78467->78540 78471 7ff6ab541538 78468->78471 78479 7ff6ab54154b 78468->78479 78511 7ff6ab541210 78471->78511 78472 7ff6ab541510 78541 7ff6ab542910 54 API calls _log10_special 78472->78541 78476 7ff6ab5414f3 __std_exception_copy 78533 7ff6ab5500bc 78476->78533 78477 7ff6ab5415c4 78477->78441 78479->78476 78480 7ff6ab5415d6 78479->78480 78542 7ff6ab55040c 78479->78542 78545 7ff6ab554f78 11 API calls _get_daylight 78480->78545 78482 7ff6ab5415db 78546 7ff6ab542910 54 API calls _log10_special 78482->78546 78485 7ff6ab541ca5 78484->78485 78785 7ff6ab5549f4 78485->78785 78488->78453 78489->78453 78490->78445 78491->78451 78492->78451 78493->78453 78494->78453 78495->78453 78496->78453 78498 7ff6ab5445bc 78497->78498 78547 7ff6ab549400 78498->78547 78500 7ff6ab5445e4 78501 7ff6ab549400 2 API calls 78500->78501 78502 7ff6ab5445f7 78501->78502 78552 7ff6ab556004 78502->78552 78505 7ff6ab54c5c0 _log10_special 8 API calls 78506 7ff6ab541493 78505->78506 78506->78457 78506->78458 78508 7ff6ab550774 78507->78508 78718 7ff6ab5504d4 78508->78718 78510 7ff6ab55078d 78510->78462 78512 7ff6ab541268 78511->78512 78513 7ff6ab541297 78512->78513 78514 7ff6ab54126f 78512->78514 78517 7ff6ab5412b1 78513->78517 78518 7ff6ab5412d4 78513->78518 78735 7ff6ab542710 54 API calls _log10_special 78514->78735 78516 7ff6ab541282 78516->78476 78736 7ff6ab554f78 11 API calls _get_daylight 78517->78736 78522 7ff6ab5412e6 78518->78522 78528 7ff6ab541309 memcpy_s 78518->78528 78520 7ff6ab5412b6 78737 7ff6ab542910 54 API calls _log10_special 78520->78737 78738 7ff6ab554f78 11 API calls _get_daylight 78522->78738 78524 7ff6ab5412eb 78739 7ff6ab542910 54 API calls _log10_special 78524->78739 78525 7ff6ab55040c _fread_nolock 53 API calls 78525->78528 78527 7ff6ab5412cf __std_exception_copy 
78527->78476 78528->78525 78528->78527 78529 7ff6ab5413cf 78528->78529 78532 7ff6ab550180 37 API calls 78528->78532 78731 7ff6ab550b4c 78528->78731 78740 7ff6ab542710 54 API calls _log10_special 78529->78740 78532->78528 78534 7ff6ab5500ec 78533->78534 78757 7ff6ab54fe98 78534->78757 78536 7ff6ab550105 78536->78477 78537->78461 78538->78466 78539->78476 78540->78472 78541->78476 78769 7ff6ab55042c 78542->78769 78545->78482 78546->78476 78548 7ff6ab549422 MultiByteToWideChar 78547->78548 78549 7ff6ab549446 78547->78549 78548->78549 78551 7ff6ab54945c __std_exception_copy 78548->78551 78550 7ff6ab549463 MultiByteToWideChar 78549->78550 78549->78551 78550->78551 78551->78500 78553 7ff6ab555f38 78552->78553 78554 7ff6ab555f5e 78553->78554 78556 7ff6ab555f91 78553->78556 78583 7ff6ab554f78 11 API calls _get_daylight 78554->78583 78558 7ff6ab555f97 78556->78558 78559 7ff6ab555fa4 78556->78559 78557 7ff6ab555f63 78584 7ff6ab55a950 37 API calls _invalid_parameter_noinfo 78557->78584 78585 7ff6ab554f78 11 API calls _get_daylight 78558->78585 78571 7ff6ab55ac98 78559->78571 78561 7ff6ab544606 78561->78505 78588 7ff6ab560348 EnterCriticalSection 78571->78588 78583->78557 78584->78561 78585->78561 78719 7ff6ab55053e 78718->78719 78720 7ff6ab5504fe 78718->78720 78719->78720 78722 7ff6ab55054a 78719->78722 78730 7ff6ab55a884 37 API calls 2 library calls 78720->78730 78729 7ff6ab5554dc EnterCriticalSection 78722->78729 78723 7ff6ab550525 78723->78510 78730->78723 78732 7ff6ab550b7c 78731->78732 78741 7ff6ab55089c 78732->78741 78734 7ff6ab550b9a 78734->78528 78735->78516 78736->78520 78737->78527 78738->78524 78739->78527 78740->78527 78742 7ff6ab5508bc 78741->78742 78747 7ff6ab5508e9 78741->78747 78743 7ff6ab5508c6 78742->78743 78744 7ff6ab5508f1 78742->78744 78742->78747 78755 7ff6ab55a884 37 API calls 2 library calls 78743->78755 78748 7ff6ab5507dc 78744->78748 78747->78734 78756 7ff6ab5554dc EnterCriticalSection 78748->78756 78755->78747 78758 7ff6ab54feb3 78757->78758 78759 
7ff6ab54fee1 78757->78759 78768 7ff6ab55a884 37 API calls 2 library calls 78758->78768 78762 7ff6ab54fed3 78759->78762 78767 7ff6ab5554dc EnterCriticalSection 78759->78767 78762->78536 78768->78762 78770 7ff6ab550456 78769->78770 78771 7ff6ab550424 78769->78771 78770->78771 78772 7ff6ab5504a2 78770->78772 78773 7ff6ab550465 __scrt_get_show_window_mode 78770->78773 78771->78479 78782 7ff6ab5554dc EnterCriticalSection 78772->78782 78783 7ff6ab554f78 11 API calls _get_daylight 78773->78783 78778 7ff6ab55047a 78784 7ff6ab55a950 37 API calls _invalid_parameter_noinfo 78778->78784 78783->78778 78784->78771 78787 7ff6ab554a4e 78785->78787 78786 7ff6ab554a73 78803 7ff6ab55a884 37 API calls 2 library calls 78786->78803 78787->78786 78788 7ff6ab554aaf 78787->78788 78804 7ff6ab552c80 49 API calls _invalid_parameter_noinfo 78788->78804 78791 7ff6ab554a9d 78793 7ff6ab54c5c0 _log10_special 8 API calls 78791->78793 78792 7ff6ab554b8c 78794 7ff6ab55a9b8 __free_lconv_mon 11 API calls 78792->78794 78796 7ff6ab541cc8 78793->78796 78794->78791 78795 7ff6ab554b46 78795->78792 78797 7ff6ab554bb0 78795->78797 78798 7ff6ab554b61 78795->78798 78801 7ff6ab554b58 78795->78801 78796->78441 78797->78792 78799 7ff6ab554bba 78797->78799 78805 7ff6ab55a9b8 78798->78805 78802 7ff6ab55a9b8 __free_lconv_mon 11 API calls 78799->78802 78801->78792 78801->78798 78802->78791 78803->78791 78804->78795 78806 7ff6ab55a9bd RtlFreeHeap 78805->78806 78807 7ff6ab55a9ec 78805->78807 78806->78807 78808 7ff6ab55a9d8 GetLastError 78806->78808 78807->78791 78809 7ff6ab55a9e5 __free_lconv_mon 78808->78809 78811 7ff6ab554f78 11 API calls _get_daylight 78809->78811 78811->78807 81080 7ff6ab5599d1 81092 7ff6ab55a448 81080->81092 81097 7ff6ab55b1c0 45 API calls 3 library calls 81092->81097 81095 7ff6ab55a451 81098 7ff6ab55a574 45 API calls __GetCurrentState 81095->81098 81097->81095
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
Similarity
• API ID: strncmp$free$_errnofprintf$fputc$strchr$atoffclose$_time64getenvstrerror
• String ID: %s$%s,%d,0x%x,$*$*CODE:$*DOMAIN:$*FIXKEY:$*FLAGS:$*HARDDISK:$*IFIPV4:$*IFIPV6:$*IFMAC:$*TIME:$*VERSION:$Pyarmor$_vax_%s$clickbank$license.c$pyarmor-test-0001$pytransform.log$regnow$shareit
• API String ID: 1877277240-1732257083
• Opcode ID: b5da418139bb80263280cf045c409efdef0a7cbd51e346d68e2e65665660ba34
• Instruction ID: 9e1d1b8ada2dcebee2fe6bcc057d11c69bf52c235d1179b5613465b19a765894
• Opcode Fuzzy Hash: b5da418139bb80263280cf045c409efdef0a7cbd51e346d68e2e65665660ba34
• Instruction Fuzzy Hash: 42338B7171874ADAEB159B21FA1079D23A5FB88BC4F44422AD94E5B36CEF3CE509C312

Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                                    • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$bye-runtime-tmpdir$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag
                                                                                                                                                                                                                                                    • API String ID: 2776309574-3273434969
                                                                                                                                                                                                                                                    • Opcode ID: c4287787c746abb56e9331fa3c8956d7c4ae80ab217cba986f551fa52fb8bac5
                                                                                                                                                                                                                                                    • Instruction ID: edf289792fd90265b2fecaee8c55b569a0830a7adc763f0fdfa0e6b96276d3e3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4287787c746abb56e9331fa3c8956d7c4ae80ab217cba986f551fa52fb8bac5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35325C21A1E68291FA19EF25D5653B967A2BF4D780F844032DA5DC32F7EF2CE569C300

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Incompatible core library, xrefs: 70A0EBE9
                                                                                                                                                                                                                                                    • Check restrict mode of module failed, xrefs: 70A0EAD3
                                                                                                                                                                                                                                                    • Invalid parameter, xrefs: 70A0E910
                                                                                                                                                                                                                                                    • Loaded module __main__ not found in sys.modules, xrefs: 70A0EB9D
                                                                                                                                                                                                                                                    • Marshal loads failed, xrefs: 70A0EB79
                                                                                                                                                                                                                                                    • The python version in runtime is different from the build time, xrefs: 70A0E8B1
                                                                                                                                                                                                                                                    • NULL code object, xrefs: 70A0EA7B
                                                                                                                                                                                                                                                    • The runtime library doesn't support Advanced Mode, xrefs: 70A0EA5D
                                                                                                                                                                                                                                                    • Restore module failed, xrefs: 70A0EB01
                                                                                                                                                                                                                                                    • Check the restrict mode of module failed, xrefs: 70A0EB2B
                                                                                                                                                                                                                                                    • Python interpreter is debug version, xrefs: 70A0E940
                                                                                                                                                                                                                                                    • <frozen pyarmor>, xrefs: 70A0E6FC
                                                                                                                                                                                                                                                    • ssO|i, xrefs: 70A0E770
                                                                                                                                                                                                                                                    • The runtime library doesn't support Super Mode, xrefs: 70A0E961
                                                                                                                                                                                                                                                    • Got string from code object failed, xrefs: 70A0E7DC, 70A0E9F7
                                                                                                                                                                                                                                                    • This obfuscated script is obfuscated by old PyArmor, xrefs: 70A0EB4F
                                                                                                                                                                                                                                                    • Enable restrict mode failed, xrefs: 70A0EBC1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
• Associated: 00000002.00000002.2601171913.0000000070A00000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000002.00000002.2601352652.0000000070A98000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000002.00000002.2601425248.0000000070A99000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000002.00000002.2601504787.0000000070AF9000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000002.00000002.2601543256.0000000070B22000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000002.00000002.2601575139.0000000070B28000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000002.00000002.2601603673.0000000070B2A000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000002.00000002.2601627163.0000000070B2B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000002.00000002.2601651399.0000000070B2C000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000002.00000002.2601677908.0000000070B2F000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: strlenstrncmp
                                                                                                                                                                                                                                                    • String ID: <frozen pyarmor>$Check restrict mode of module failed$Check the restrict mode of module failed$Enable restrict mode failed$Got string from code object failed$Incompatible core library$Invalid parameter$Loaded module __main__ not found in sys.modules$Marshal loads failed$NULL code object$Python interpreter is debug version$Restore module failed$The python version in runtime is different from the build time$The runtime library doesn't support Advanced Mode$The runtime library doesn't support Super Mode$This obfuscated script is obfuscated by old PyArmor$ssO|i
                                                                                                                                                                                                                                                    • API String ID: 1310274236-189690365
                                                                                                                                                                                                                                                    • Opcode ID: c76b4630db5dba8b94918e888814963c6e56fdf8d1109c16338af8bbd98566b7
                                                                                                                                                                                                                                                    • Instruction ID: e8202e0a391df97a66eca3d7aa74d733dc9f664c9cb6af039623d3c9ba643694
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c76b4630db5dba8b94918e888814963c6e56fdf8d1109c16338af8bbd98566b7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20D14E72B09B09D5EB15CF15F88035963B5F799B88F844226D90E87728EF7CE688E341

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565CB5
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB565608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB56561C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9CE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A9B8: GetLastError.KERNEL32(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9D8
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6AB55A94F,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55A979
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6AB55A94F,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55A99E
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565CA4
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB565668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB56567C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F1A
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F2B
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F3C
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6AB56617C), ref: 00007FF6AB565F63
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                    • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                                    • Opcode ID: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
                                                                                                                                                                                                                                                    • Instruction ID: f1a12f746bed92883581b556af2a637f70673e0ce47081ab200377bf8092962e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c9ae4c43809035ead388df1149d8e15e4647e923e6de7bb59d770bfc2eeda5e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3ED1B132A1A24686EB20DF26E4611B96761FF5C794F488136EA4DC76A7EF3CE841C740

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1617910340-0
                                                                                                                                                                                                                                                    • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                                    • Instruction ID: d52f0e9e943e10ae3c99f24588f092b9056628141ae24d07cb9871ab387c5f60
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2EC1A036B29A4285EB10CFA9D4A12AC3761EB4DB98F055225DF2E977E6DF38E451C300
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F1A
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB565668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB56567C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F2B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB565608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB56561C
                                                                                                                                                                                                                                                    • _get_daylight.LIBCMT ref: 00007FF6AB565F3C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB565638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB56564C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9CE
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB55A9B8: GetLastError.KERNEL32(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9D8
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6AB56617C), ref: 00007FF6AB565F63
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                    • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                    • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                                    • Opcode ID: 4f5f64917f1a6fb99e16ec8d4eadf885fc2e5ee96e92320975b551feff7f9d51
                                                                                                                                                                                                                                                    • Instruction ID: 854b73f25f6611ef7d51f68d92e4af0d60fea259289b6d480afddeaa903b3978
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f5f64917f1a6fb99e16ec8d4eadf885fc2e5ee96e92320975b551feff7f9d51
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41515E32A1A64286E720DF26E9A15A96760FF5C784F488136EA4DC76B7DF3CE441CB40
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • NtSetInformationThread.NTDLL ref: 70A70CF0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InformationThread
                                                                                                                                                                                                                                                    • String ID: NtSetInformationThread$ntdll.dll
                                                                                                                                                                                                                                                    • API String ID: 4046476035-3743287242
                                                                                                                                                                                                                                                    • Opcode ID: 92c065ca89abec1997848133b4d1076c9b5e49955e8ffd3d9a29227274912c27
                                                                                                                                                                                                                                                    • Instruction ID: 2fc8b2a801552d3e1343ac4fbba029e5866327fdd9809e1ff4e8e36d5b005223
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 92c065ca89abec1997848133b4d1076c9b5e49955e8ffd3d9a29227274912c27
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8F01535B18A48C9EB609B16FCA074A6360F39CB88F544225DA9D87774EF6CD709CB00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: mallocmemcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4276657696-0
                                                                                                                                                                                                                                                    • Opcode ID: 791c4f8927b015886fb24a50f2ab30a87ed52ce1407ff1ffaec066b77c2a18e9
                                                                                                                                                                                                                                                    • Instruction ID: 3f854b4e0b4bd2c5154bee269f092218abfe356dd434d68adafe375f0becdec5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 791c4f8927b015886fb24a50f2ab30a87ed52ce1407ff1ffaec066b77c2a18e9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E42A131605B58C6EB248B50EC91B6E2724F799B8AF51E236DA4EEB75CCF3CE5048341
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                                                                    • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                                    • Instruction ID: 4a386ea4fdeaab68434ed8534915358e2d4af5e404984daf8863e58036c3e24c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9FF0C822A1A74187F7608F60B45976A7350FB8D338F084335D96D426E5DF3CD0588B00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$_errno
                                                                                                                                                                                                                                                    • String ID: %s$%s,%d,0x%x,$3des$PyArg_ParseTuple$PyBool_FromLong$PyByteArray_AsString$PyBytes_AsString$PyBytes_AsStringAndSize$PyBytes_FromStringAndSize$PyBytes_Size$PyCFunction_Call$PyCFunction_NewEx$PyCell_Set$PyCode_Type$PyDict_Clear$PyDict_Copy$PyDict_GetItemString$PyDict_SetItem$PyDict_SetItemString$PyErr_Clear$PyErr_Fetch$PyErr_Format$PyErr_NoMemory$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyErr_SetString$PyEval_EvalCode$PyEval_EvalFrameEx$PyEval_GetBuiltins$PyEval_GetFrame$PyEval_GetGlobals$PyEval_GetLocals$PyEval_SetProfile$PyEval_SetTrace$PyExc_ImportError$PyExc_RuntimeError$PyFrame_LocalsToFast$PyFrame_Type$PyFunction_Type$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ExecCodeModuleEx$PyImport_GetMagicNumber$PyImport_GetModuleDict$PyImport_ImportModule$PyList_GetItem$PyList_Size$PyLong_AsLong$PyLong_FromLong$PyMarshal_ReadObjectFromString$PyMarshal_WriteObjectToFile$PyMarshal_WriteObjectToString$PyModule_GetDict$PyObject_GetAttrString$PyObject_Print$PyObject_SetAttrString$PyObject_Size$PyObject_Type$PyString_AsStringAndSize$PyString_Format$PyString_FromStringAndSize$PyString_Size$PyString_Type$PySys_GetObject$PySys_SetObject$PyThreadState_Get$PyTuple_GetItem$PyTuple_GetSlice$PyTuple_New$PyTuple_SetItem$PyTuple_Size$PyType_GenericNew$PyUnicodeUCS2_AsUTF8String$PyUnicodeUCS2_Format$PyUnicodeUCS2_FromString$PyUnicodeUCS4_AsUTF8String$PyUnicodeUCS4_Format$PyUnicodeUCS4_FromString$PyUnicode_AsUTF8String$PyUnicode_Fill$PyUnicode_Format$PyUnicode_FromString$PyUnicode_Type$Py_BuildValue$Py_CompileString$Py_CompileStringExFlags$Py_DebugFlag$Py_DecRef$Py_Exit$Py_IncRef$Py_InspectFlag$Py_InteractiveFlag$Py_ReprEnter$_PyEval_EvalFrameDefault$_Py_NoneStruct$_Py_TrueStruct$_pytransform.c$aes$dumps$license.c$license.lic$loads$marshal$pyshield.lic$pytransform.log$sha256$sprng$wrapper.c
                                                                                                                                                                                                                                                    • API String ID: 1566810575-3086871561
                                                                                                                                                                                                                                                    • Opcode ID: 69c82d6439344a6fbf665a47c574794baa237b27a545d618bd60931fe19f736f
                                                                                                                                                                                                                                                    • Instruction ID: c6d15e650cbbfc270a07c374445c2311c5310b700580a82d554581e20cfc369d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69c82d6439344a6fbf665a47c574794baa237b27a545d618bd60931fe19f736f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FE38EB0B19712E9EB049B11F91079C23A5FB99BC4F844226D94E5B3A8DF3CF646C316

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 2416 70a0da10-70a0da30 call 70a05fd0 2419 70a0da80-70a0da8f 2416->2419 2420 70a0da32-70a0da64 call 70a0a7b0 2416->2420 2421 70a0daa0-70a0dab9 call 70a04230 2419->2421 2422 70a0da91-70a0da9b _errno 2419->2422 2424 70a0da69-70a0da6f free 2420->2424 2428 70a0db4c-70a0db7e fprintf 2421->2428 2429 70a0dabf-70a0dac5 _errno 2421->2429 2425 70a0da74-70a0da7e 2422->2425 2424->2425 2433 70a0db1a-70a0db47 fprintf fputc 2428->2433 2430 70a0db80-70a0db9b _errno strerror fprintf 2429->2430 2431 70a0dacb-70a0db13 fprintf * 2 fputc fclose 2429->2431 2430->2431 2431->2433 2433->2422
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 70A05FD0: getenv.MSVCRT ref: 70A06066
                                                                                                                                                                                                                                                    • _errno.MSVCRT ref: 70A0DA91
                                                                                                                                                                                                                                                      • Part of subcall function 70A0A7B0: strncmp.MSVCRT ref: 70A0A891
                                                                                                                                                                                                                                                      • Part of subcall function 70A0A7B0: strchr.MSVCRT ref: 70A0A8A2
                                                                                                                                                                                                                                                    • free.MSVCRT ref: 70A0DA6F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _errnofreegetenvstrchrstrncmp
                                                                                                                                                                                                                                                    • String ID: %s$%s,%d,0x%x,$license.c$license.lic$product.key$pytransform.log
                                                                                                                                                                                                                                                    • API String ID: 2166687660-2554675036
                                                                                                                                                                                                                                                    • Opcode ID: f49bbfc885949fc6f5b7b13ad9905d3abf42234ccb0454b874f8190444b7fbc6
                                                                                                                                                                                                                                                    • Instruction ID: f6921e39fbe2ea8bfa082a9b4ee5395fcf71dbb820493b4c50599c7430b0b608
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f49bbfc885949fc6f5b7b13ad9905d3abf42234ccb0454b874f8190444b7fbc6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B31E671B2831699EF019B61F90179D63A1AB89BC4F844226ED4D1B76CEF3CF906C306

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: fprintf$fputc$_errnofclosemallocmemcpy
                                                                                                                                                                                                                                                    • String ID: %s$%s,%d,0x%x,$protect.c$pytransform.log$!
                                                                                                                                                                                                                                                    • API String ID: 1944142573-152705595
                                                                                                                                                                                                                                                    • Opcode ID: f4f11d98654f22f3108b67875ee014831f8f5b40bde045c54f5d2bc865fddc6d
                                                                                                                                                                                                                                                    • Instruction ID: ce169459db75e4695f2d7c2963c1d399baeddfc44ec2600ce0a200b673199cc4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4f11d98654f22f3108b67875ee014831f8f5b40bde045c54f5d2bc865fddc6d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E331B4517182819EEB159B36B950BAD6B70EF86BC8F484165DECD0736AEE2CF403C319

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB547F80: _fread_nolock.LIBCMT ref: 00007FF6AB54802A
                                                                                                                                                                                                                                                    • _fread_nolock.LIBCMT ref: 00007FF6AB541A1B
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6AB541B6A), ref: 00007FF6AB54295E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                                    • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                                    • Opcode ID: 6d43d2f5094c02a69a50d2278f5fdcc42b4033f4591644595bdd37c4696fd258
                                                                                                                                                                                                                                                    • Instruction ID: 4eb662bbfa2299ffc4682e6ac8210033b885a39470c8de4d51d0dcb08d7781ba
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d43d2f5094c02a69a50d2278f5fdcc42b4033f4591644595bdd37c4696fd258
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2081E131E0A68685EB20DF25D8512BA37A2EF4C780F444131EA8DC77A7DE3DE1959B40

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                                                                                    • String ID: $@$@
                                                                                                                                                                                                                                                    • API String ID: 896588047-3743272326
                                                                                                                                                                                                                                                    • Opcode ID: ad2b5d174cbbaebff85b719ff44f08ee0dbd8e41e6a4b1a3aa829fbda9743842
                                                                                                                                                                                                                                                    • Instruction ID: cee35e83c8d40c509c7011d4e926b2c1f3f4ee977901ab9e023c1a7fa3cdb22f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad2b5d174cbbaebff85b719ff44f08ee0dbd8e41e6a4b1a3aa829fbda9743842
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B413473F206608AEB224B16AC00B4D62A5B74DFB5F490326DE7A077D8EB7CD9408344
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free$strlenstrncmp
                                                                                                                                                                                                                                                    • String ID: __main__$__mp_main__$__parents_main__$__spec__$frame$obfmode.c
                                                                                                                                                                                                                                                    • API String ID: 2569063720-2363144754
                                                                                                                                                                                                                                                    • Opcode ID: 9a45565e18b75a5447e2f016580587f7e659d027c769f9bb72108192bcf79f9e
                                                                                                                                                                                                                                                    • Instruction ID: 57daabeed09556e80a5bddd4dce35138cf8524be36cbd361d1afad0cbb098257
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a45565e18b75a5447e2f016580587f7e659d027c769f9bb72108192bcf79f9e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D432ED72A09608D6EB15CB21FA4036D2766B749B88F404629CD0F4B7ACFB7CE985D701

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                    • Opcode ID: e552b23e42b6966916e886188aef8473d3350f89e3f72804a24c105631fece28
                                                                                                                                                                                                                                                    • Instruction ID: 1646df6283b140bda9cbc3e07ecd5c7cf7ec4234c40e3547f5ce25a0748607c6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e552b23e42b6966916e886188aef8473d3350f89e3f72804a24c105631fece28
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D419D22E4A69285EB00DF22A8111F96791FF4C794F884532ED1D87BBBDE3CE5529B04

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                    • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                                    • Opcode ID: 0fca6e7335867edc6b8860f5dfbc0b69d345714f0ea111fe4b1d6fcc205b14f0
                                                                                                                                                                                                                                                    • Instruction ID: 2afad68a0589e35f97df838e05223ebb759905e6a2403229b875d9d06470faf9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0fca6e7335867edc6b8860f5dfbc0b69d345714f0ea111fe4b1d6fcc205b14f0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC51F622E0A68281E660AF16A8503BA6792FF8D794F484531ED4DC77E7EF3CE551D700

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF6AB55F11A,?,?,-00000018,00007FF6AB55ADC3,?,?,?,00007FF6AB55ACBA,?,?,?,00007FF6AB555FAE), ref: 00007FF6AB55EEFC
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF6AB55F11A,?,?,-00000018,00007FF6AB55ADC3,?,?,?,00007FF6AB55ACBA,?,?,?,00007FF6AB555FAE), ref: 00007FF6AB55EF08
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                    • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                    • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                                                                    • Instruction ID: dd2d775fecfacd5ab916057db576a9d95b171c71e99041f92b315779905bc8ef
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3411421B2AA0241FA16CF13A8146752395BF4DBA0F884639DD1DC7BA6EF3CE4858304

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00007FF6AB543804), ref: 00007FF6AB5436E1
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB543804), ref: 00007FF6AB5436EB
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6AB543706,?,00007FF6AB543804), ref: 00007FF6AB542C9E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6AB543706,?,00007FF6AB543804), ref: 00007FF6AB542D63
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542C50: MessageBoxW.USER32 ref: 00007FF6AB542D99
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                                    • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                                    • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                                    • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                                    • Instruction ID: ed919c96dddc470ec5acd30c77261018f016f6e4efff2c896723a9e87a464ac0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A21B861F2E64251FA20AF20E8553BA2362BF8D355F444132D59DC25F7EE6CE614C700

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 2e9ec559793cd78946ccf1fde0a110b7883fce20fe8558fd890645317879f727
                                                                                                                                                                                                                                                    • Instruction ID: a77da9142aed2c499d92a71c087137fed8fe0f9ace78e7785a0a933e6e506ef1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e9ec559793cd78946ccf1fde0a110b7883fce20fe8558fd890645317879f727
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7C1D662A0E68741E7608F1594483BD7B60EF8DB81F594231EA4E837B7CF7EE8458708
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                                    • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                                    • Opcode ID: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                                                                    • Instruction ID: 06c29f5608c3eb7b6dc10de742a4fcd73a66807a3fca9bc60a857abea4cc7c8a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FF418231A1A68791EA15EF21E4552E96322FF5C384F804132EA5DC36B7EF3CE625C740
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4170891091-0
                                                                                                                                                                                                                                                    • Opcode ID: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                                                                    • Instruction ID: 492d3372315adcf7d60bd2ce7ae8d6dc69bc879d0b251f6d1df991938f7a83af
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3510872F0A3118AFB14DF64D9556BC27A1AB58369F504235DF1ED2AF6DF38A442C700
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2780335769-0
                                                                                                                                                                                                                                                    • Opcode ID: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                                                                    • Instruction ID: 4e0f2c056a7cb57af14194b401e34eafabc6b0e8d790e23fa9b708c8d46090c2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB517B32E0A6418AFB10DFB1E4503BD23B1AB48B59F148639DE4D976AADF3DE445C704
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1279662727-0
                                                                                                                                                                                                                                                    • Opcode ID: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                                                                                    • Instruction ID: d6ded2a28416560b3216a062abea6de754ae5cde55bd35eabf964f21f4763683
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1341AF32E2978283E7148F20A5503697360FF987A5F108335EA9C83AE7DF7DA5E08744
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Thread$ContextCurrent
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 195563550-0
                                                                                                                                                                                                                                                    • Opcode ID: 99d3b8c55569807b5a3df5e2c7eff14ca15bcf6d4e21b9a73be53227edca2030
                                                                                                                                                                                                                                                    • Instruction ID: 1eddd6dec481bea909cc2e88b09db8f3e19057b72cd79a9069f816696097565b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99d3b8c55569807b5a3df5e2c7eff14ca15bcf6d4e21b9a73be53227edca2030
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3112532508744C9EB518B25F918B1EB3E2F788794F509629F6C99669CCFBCC189CB00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3251591375-0
                                                                                                                                                                                                                                                    • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                                    • Instruction ID: 977beaa59bc3605272e81c760b6d6d1c5dab917cca602cb4c418c94e4d855848
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67316110E0F28355FA54AF65D4623F927939F8E384F440435EA4ECB2F7DE2DA825C644
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                                    • Opcode ID: 230ddfbeb2cfdc83e04e02b0fbb537ff9f96aef2fd2a5ab3fdce6eee95276a48
                                                                                                                                                                                                                                                    • Instruction ID: f46f9726954f6b472cf25f5af9db06d4db83dcbcb9ee5bd60ec4614ee4bd859e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 230ddfbeb2cfdc83e04e02b0fbb537ff9f96aef2fd2a5ab3fdce6eee95276a48
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AD09214F1A74652EB583F709CAA17812516F8CB42F182538D80B8A3B3ED3EA8498314
APIs
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• API String ID: 2976181284-0
APIs
• FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AB5558A9), ref: 00007FF6AB5559C7
• SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AB5558A9), ref: 00007FF6AB5559DD
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: Time$System$FileLocalSpecific
• String ID:
• API String ID: 1707611234-0
APIs
• RtlFreeHeap.NTDLL(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9CE
• GetLastError.KERNEL32(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9D8
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
APIs
• CloseHandle.KERNEL32(?,?,?,00007FF6AB55AA45,?,?,00000000,00007FF6AB55AAFA), ref: 00007FF6AB55AC36
• GetLastError.KERNEL32(?,?,?,00007FF6AB55AA45,?,?,00000000,00007FF6AB55AAFA), ref: 00007FF6AB55AC40
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: CloseErrorHandleLast
• String ID:
• API String ID: 918212764-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
                                                                                                                                                                                                                                                    • Instruction ID: 593ea83b8ffe4e9ccd66a6acf6a905de4f39b78661203755afcc3bca2880e2e1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 83fd655adac635c1bfef66338e564e5d3c087748e58eff1a34e14c1f5e77bb28
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D041D43290A24187EA349F19A54427D77A4EF5AB86F100331DA8EC76B3CF2EE442CB55
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _fread_nolock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 840049012-0
                                                                                                                                                                                                                                                    • Opcode ID: 1086e9df8dc4f681a4899f0719cc96f65f635af16edbba4784dd51baaa24c98e
                                                                                                                                                                                                                                                    • Instruction ID: a316a1fc65a523605030f0943ce561742fe182693af4283907dd26a5475df217
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1086e9df8dc4f681a4899f0719cc96f65f635af16edbba4784dd51baaa24c98e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B21E521B2A69285FA55AF1269043BAAB92BF4DBC4F8C4430EE1D87797CE7DE051C600
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: e965e93cbe1d72adb8351a0dc15ff4730447cd31f91a428760958f4d16ec249d
                                                                                                                                                                                                                                                    • Instruction ID: a4a59d30141f271f42ae8d9cc57ff526cdcaaed826716be9431013f5f6104da1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e965e93cbe1d72adb8351a0dc15ff4730447cd31f91a428760958f4d16ec249d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A31D331A1A68285F7516F59D84537C3A60AF48B96F820335E92D833F3DF7DE4418728
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3947729631-0
                                                                                                                                                                                                                                                    • Opcode ID: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                                                                    • Instruction ID: c061be00119a61f60271271e72c7dca7ddc0343f61b4b67b850384ad78943521
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c67799cafce48778543f3f8f4be5d8193b6380671b5390c3378b203fc6564281
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22218E72E067828AEB658F64C4842EC37A0EB48719F480735D62D86AE6DF3CD584C754
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                                    • Instruction ID: 8775943674dbee4e118b66757b301f13e8ed038126009a583e75e638d328fee1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B115472A1E6C181EA609F51A80137EA264AF49B85F544231FF4CD7BB7DF3EE4408709
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    • Opcode ID: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                                                                    • Instruction ID: f2ca04e2569d8cf95ca0b8dc97f037813a44196bf9086589a738c07aab265e80
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ea3ce3b0d542221f39e0ec21b1c29adddc4a64aa4be1ebee55588f6cedcbaa9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B219672619A8287DB619F18D4903B976A0FF88B95F184334EA9DC76EADF3DD400CB00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3215553584-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 544645111-0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB549400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6AB5445E4,00000000,00007FF6AB541985), ref: 00007FF6AB549439
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00007FF6AB546466,?,00007FF6AB54336E), ref: 00007FF6AB549092
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2592636585-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2221118986-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • HeapAlloc.KERNEL32(?,?,?,00007FF6AB550D00,?,?,?,00007FF6AB55236A,?,?,?,?,?,00007FF6AB553B59), ref: 00007FF6AB55D6AA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4292702814-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2601256964.0000000070A01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_70a00000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1294909896-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                                                                    • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                                                                    • API String ID: 3832162212-3165540532
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: log2$memset$memmove
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1685334282-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: log2$memset$memmove
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1685334282-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: log2
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4048861018-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
• Associated: 00000002.00000002.2606988966.00007FFE75CA0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75CA6000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D04000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D53000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607277883.00007FFE75DAF000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607302537.00007FFE75DB1000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mem_$SubtypeType_$DataFreeFromKindMallocReallocUnicode_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1742244024-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
• Associated: 00000002.00000002.2606988966.00007FFE75CA0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75CA6000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D04000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D53000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607277883.00007FFE75DAF000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607302537.00007FFE75DB1000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 313767242-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB54841B
                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB54849E
                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB5484BD
                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB5484CB
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB5484DC
                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,00007FF6AB548B09,00007FF6AB543FA5), ref: 00007FF6AB5484E5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                                    • String ID: %s\*
                                                                                                                                                                                                                                                    • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: log2$memset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3759962277-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: exitmemset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2099101326-2920267241
                                                                                                                                                                                                                                                    • Opcode ID: 1e7f654b3abe498549c85a9da2b5d6289def08c45c33cc899f933d97bd9daf92
                                                                                                                                                                                                                                                    • Instruction ID: a21a98d633bd214e29da0f977fde5aac0d54b06b33b58015d9e00e77faffff0f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e7f654b3abe498549c85a9da2b5d6289def08c45c33cc899f933d97bd9daf92
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74C10573618BC482D660CB66F8407AAB7A4FB89B88F544126EFDD47B69DF38C155CB00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3140674995-0
                                                                                                                                                                                                                                                    • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                                                    • Instruction ID: 8096430ee82b473b49b6271e6049f300ff14a24106d42df49e097a42d33805bc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A317472609B8186EB60CF60E8503EE73A1FB88704F44403ADA4D87BA5EF3CD558CB10
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset$log2
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3851851888-0
                                                                                                                                                                                                                                                    • Opcode ID: 64f3392d5d0c07b22c2d9f88ec33949d3f89d5b72106fb347fe14f0603d3ecf4
                                                                                                                                                                                                                                                    • Instruction ID: 6b60a6278a960416ee4e3d8df1b51e16c8baa17584a55721c6352261bb1fa115
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64f3392d5d0c07b22c2d9f88ec33949d3f89d5b72106fb347fe14f0603d3ecf4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7A1E623A2CFC685D6128B35A4007EAA755FF96B84F549231DB9E27765DF3DE082C700
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset$log2
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3851851888-0
                                                                                                                                                                                                                                                    • Opcode ID: 630956aaa5f078cabb962465cabea9a2edb90d42bcb192cf7cf7d8a395303877
                                                                                                                                                                                                                                                    • Instruction ID: 8c703b865bc03368d8ba60cc3a626b79e2a6d5dc3d1b232e83592c3a6cd56265
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 630956aaa5f078cabb962465cabea9a2edb90d42bcb192cf7cf7d8a395303877
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AEA1F823A2CFC585D612CB75A8007ABB755FF96B84F449232DA6E276A5DF3DE042C700
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset$log2
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3851851888-0
                                                                                                                                                                                                                                                    • Opcode ID: 9cac2ff7569d438a0fc14b80d39a9464d9c8e47c46ba66bb0d0afa152fd710d5
                                                                                                                                                                                                                                                    • Instruction ID: 482db1c7fcbbf57c1597604c85b60d98b7d47418137554cd16d602c652c584de
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9cac2ff7569d438a0fc14b80d39a9464d9c8e47c46ba66bb0d0afa152fd710d5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43A1E723A2CBC585D6128B75E4007ABA755FF96BC4F045332DA6E276A5DF3DE086C700
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • log2.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FFE75DEE341
                                                                                                                                                                                                                                                    • log2.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FFE75DEE3C5
                                                                                                                                                                                                                                                    • log2.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FFE75DEE551
                                                                                                                                                                                                                                                    • log2.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FFE75DEE5B0
                                                                                                                                                                                                                                                    • log2.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FFE75DEE600
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: log2
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4048861018-0
                                                                                                                                                                                                                                                    • Opcode ID: 4ce18a24f6bbc4e66d1632d99029d87051404aa3dbe531e978db1d1c2478575e
                                                                                                                                                                                                                                                    • Instruction ID: cec024aab1a772f5815d48a24240911807ef19164481807e1141aa320f11260b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ce18a24f6bbc4e66d1632d99029d87051404aa3dbe531e978db1d1c2478575e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FDE1EB33F2CF8689E617873895003BAA355EF9DB94F249335D65F26764EB3DE4828600
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2227656907-0
                                                                                                                                                                                                                                                    • Opcode ID: 2ef3c37f04818ead7d44404f95bcb0bbc346a7a2ea351082cea4bee254bbf61c
                                                                                                                                                                                                                                                    • Instruction ID: fbf16cae09b335c51004c9f664dabedc0fdc24f4855a6c455cf05834fe73bf4a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ef3c37f04818ead7d44404f95bcb0bbc346a7a2ea351082cea4bee254bbf61c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41B1C722F1A69641EA619F22D5202BD6361EF4CBE4F486131DE5E87BE6EE3CE441D700
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: log2$memset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3759962277-0
                                                                                                                                                                                                                                                    • Opcode ID: 7cb003af3fe56c2fa4ef3186a0cf0e2ba4dccb740a689c643034ce6301a7a5df
                                                                                                                                                                                                                                                    • Instruction ID: 84ebdf683517a862b0699f432d59b74d4ee7ceb717b91f5c208e557df97ebe12
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cb003af3fe56c2fa4ef3186a0cf0e2ba4dccb740a689c643034ce6301a7a5df
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17615A63F28F8549D5179734AB413BA9352EF99BD4F258332D95F36664EF2CB0838600
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: log2$memset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3759962277-0
                                                                                                                                                                                                                                                    • Opcode ID: c462b1730b2cc9fe60fe652cd5c109c1ac0dba0022eaa0918e110071f0e1ffe6
                                                                                                                                                                                                                                                    • Instruction ID: 472c0624fa053106a7ba4623a2fea3b8a15cdc18d512cad11a2fd8103e3dda24
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c462b1730b2cc9fe60fe652cd5c109c1ac0dba0022eaa0918e110071f0e1ffe6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37514623F28F4449E5078639AB0537AE216EFA5FD0F69D332E95F36A60DF2DA0834500
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545830
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545842
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545879
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB54588B
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5458A4
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5458B6
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5458CF
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5458E1
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5458FD
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB54590F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB54592B
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB54593D
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545959
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB54596B
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545987
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB545999
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5459B5
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00007FF6AB5464BF,?,00007FF6AB54336E), ref: 00007FF6AB5459C7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                    • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                    • API String ID: 199729137-653951865
                                                                                                                                                                                                                                                    • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                                                                    • Instruction ID: 32496daa1a9dfad9276f1e2149e5c3289d31f8ee76335f3ccfe9d98d4b282ef1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5022AC34E0FB4791FA569F55B8A51B427A1AF0E7A1F585036C82E82372FF3DB158A340
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Module_$Constant$Object$ReadyType_$Create2Err_ExceptionString
                                                                                                                                                                                                                                                    • String ID: %d.%d.%d$Compressor$Decompressor$MODE_FONT$MODE_GENERIC$MODE_TEXT$__version__$brotli.error$error
                                                                                                                                                                                                                                                    • API String ID: 85873462-3709432877
                                                                                                                                                                                                                                                    • Opcode ID: c527ea57f1a6fa79dc78c15721b8764123cc718b26bb66bf4bdf31074b340112
                                                                                                                                                                                                                                                    • Instruction ID: 66caa9e6034b1d7ca726b36c76d2520360eb71637fe6953ed6d43c6c22777764
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c527ea57f1a6fa79dc78c15721b8764123cc718b26bb66bf4bdf31074b340112
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B31F866B38B0396FA019F19ED542B52361FF49F84F802032C96E46674EF3DE185CB42
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DeallocSizeString$Arg_Buffer_Bytes_Err_FromKeywords_List_ParseReleaseTuplefreemalloc
                                                                                                                                                                                                                                                    • String ID: BrotliDecompress failed$y*|:decompress
                                                                                                                                                                                                                                                    • API String ID: 3129089932-3609120798
                                                                                                                                                                                                                                                    • Opcode ID: 21fc62796acf40556abf5966d126bf01a84e1109d329ffa3a643c5993f22310f
                                                                                                                                                                                                                                                    • Instruction ID: 8831ae523141d571eb420e0d6156b897a8f1cf53df1d950d00c6012073de3a9b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21fc62796acf40556abf5966d126bf01a84e1109d329ffa3a643c5993f22310f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59614B37B29B5289EB109BA5E9403AE23A5FB48F84F444036DE5D53B68EF3CD444CB40
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB549400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6AB5445E4,00000000,00007FF6AB541985), ref: 00007FF6AB549439
                                                                                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(?,00007FF6AB5488A7,?,?,00000000,00007FF6AB543CBB), ref: 00007FF6AB54821C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542810: MessageBoxW.USER32 ref: 00007FF6AB5428EA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                                    • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                                    • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                                    • Opcode ID: 6fbdb188916104b0c2c5940302cfd80688c9116ecc918f500a0c860990a20752
                                                                                                                                                                                                                                                    • Instruction ID: 681fbed9adc8b8dd18ffa493a82f511829fbc8e85aca3ff0e8869bf63e7a397d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6fbdb188916104b0c2c5940302cfd80688c9116ecc918f500a0c860990a20752
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B51A611A2FA4291FB549F25EC512BA6792EF9C780F484431EA1EC26F7EF3CE5158740
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DeallocSizeString$Arg_Buffer_Bytes_Err_FromList_ParseReleaseTuple_
                                                                                                                                                                                                                                                    • String ID: BrotliDecoderDecompressStream failed while processing the stream$y*:process
                                                                                                                                                                                                                                                    • API String ID: 2327171786-3378180327
                                                                                                                                                                                                                                                    • Opcode ID: 0409f8f06fc8815c48b07b2be836251baa69eb390988694566013f5be1359561
                                                                                                                                                                                                                                                    • Instruction ID: e847d78f9aef7b1bca9d31ef4b0ce830370a38b08052678ac711ef34bd2300e9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0409f8f06fc8815c48b07b2be836251baa69eb390988694566013f5be1359561
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04513933B19B5689EB11CFA5E9403AD23A1FB49B88F440136DE5D17B68EF38D445CB80
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606988966.00007FFE75CA0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607035992.00007FFE75CA6000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607035992.00007FFE75D04000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607035992.00007FFE75D53000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607277883.00007FFE75DAF000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607302537.00007FFE75DB1000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Module_$Dealloc$ObjectObject_$Capsule_ConstantFromMallocMem_SpecStringTrackTypeType_
                                                                                                                                                                                                                                                    • String ID: 13.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                                                                    • API String ID: 288921926-2302946913
                                                                                                                                                                                                                                                    • Opcode ID: 8849700e4595db79af61cb0ca23ecac910159f79cad4801844aab08d1f2a0480
                                                                                                                                                                                                                                                    • Instruction ID: 9de8d8b5a4124e2111f3f86ba37abb349b70d30567a34bc3e9e3adad0755a9fe
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8849700e4595db79af61cb0ca23ecac910159f79cad4801844aab08d1f2a0480
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64215E23E2DB5281EA54CB61AC243782F95BF49F91B045430CA7F566B1EE2DE0459302
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                                    • String ID: P%
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_Unicode_$ArgumentCheckDigitErr_FromLongLong_PositionalReadyString
                                                                                                                                                                                                                                                    • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                                    • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Unicode_$Equal$CompareDeallocErr_ReadyString
                                                                                                                                                                                                                                                    • String ID: invalid normalization form
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Unicode_$Arg_$ArgumentEqualReady$CheckPositionalSubtypeType_
                                                                                                                                                                                                                                                    • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                                                                    • API String ID: 2760394311-1320425463
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_$ArgumentReadyUnicode_$CheckPositional
                                                                                                                                                                                                                                                    • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                                                    • API String ID: 396090033-184702317
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                    • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                    • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                    • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(?,?,00000000,00007FF6AB543CBB), ref: 00007FF6AB5488F4
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00007FF6AB543CBB), ref: 00007FF6AB5488FA
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00007FF6AB543CBB), ref: 00007FF6AB54893C
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548A20: GetEnvironmentVariableW.KERNEL32(00007FF6AB54388E), ref: 00007FF6AB548A57
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6AB548A79
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB5582A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB5582C1
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB542810: MessageBoxW.USER32 ref: 00007FF6AB5428EA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                                    • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 849930591-393685449
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EqualUnicode_$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                                                                    • String ID: invalid normalization form
                                                                                                                                                                                                                                                    • API String ID: 1153303739-2281882113
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                                                                    • String ID: a unicode character$argument$category
                                                                                                                                                                                                                                                    • API String ID: 2803103377-2068800536
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Unicode_$Arg_ArgumentFromReadyStringSubtypeType_
                                                                                                                                                                                                                                                    • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                                                    • API String ID: 2803103377-2110215792
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6AB543706,?,00007FF6AB543804), ref: 00007FF6AB542C9E
                                                                                                                                                                                                                                                    • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6AB543706,?,00007FF6AB543804), ref: 00007FF6AB542D63
                                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF6AB542D99
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                                    • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                    • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DeallocStringmemmove$Bytes_Err_FromSize
                                                                                                                                                                                                                                                    • String ID: Unable to allocate output buffer.
                                                                                                                                                                                                                                                    • API String ID: 1583460924-2565006440
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FromStringUnicode_$S_snprintfSizeSubtypeType_memcpy
                                                                                                                                                                                                                                                    • String ID: $%04X
                                                                                                                                                                                                                                                    • API String ID: 762632776-4013080060
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                                                    • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                                                    • API String ID: 3097524968-4001128513
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                                                                                    • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                                                    • API String ID: 3097524968-4202047184
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: String$Err_$AppendBytes_DeallocFromList_Size
                                                                                                                                                                                                                                                    • String ID: Unable to allocate output buffer.
                                                                                                                                                                                                                                                    • API String ID: 2547554596-2565006440
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Eval_Thread$DeallocRestoreSave$Bytes_FromList_SizeString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2275295419-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4139299733-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memmove$exit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 987259897-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                                    • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                                                    • API String ID: 3545102714-4190364640
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                                    • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                                                    • API String ID: 3545102714-2474051849
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
• Associated: 00000002.00000002.2606988966.00007FFE75CA0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75CA6000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D04000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D53000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607277883.00007FFE75DAF000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607302537.00007FFE75DB1000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                                                                                    • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                                                    • API String ID: 3545102714-2385192657
                                                                                                                                                                                                                                                    • Opcode ID: 599f939e019d3ab0ab16c07c704c8a2d368a729848ff51ced41fc5b09ed2dbaf
                                                                                                                                                                                                                                                    • Instruction ID: 2e52c8b930be5d5006ee5b7bd53b7899c3444a9965002920127ee75caf09821d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 599f939e019d3ab0ab16c07c704c8a2d368a729848ff51ced41fc5b09ed2dbaf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA315923B2874682FF50CB15DD8037A2A61EB84F84F588431DB2D47BA4DF2EE846C741
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6AB54351A,?,00000000,00007FF6AB543F23), ref: 00007FF6AB542AA0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                    • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                                    • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                                    • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                                                    • Instruction ID: fa2ab09376769431aa51696eb99b6061f4abb6fdfc35d45438d122a365e15837
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D218132A1A78292E7219F51B8817EA63A4FB8C7C4F440132EE8C8366ADF7CD6558740
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 995526605-0
                                                                                                                                                                                                                                                    • Opcode ID: 1e3bf3a8b1345e2c0c0bdd6ff4e06add0bb9355989cc78c5a669156b3459c754
                                                                                                                                                                                                                                                    • Instruction ID: dc1532b9453862f9864367f7de127f9774ced9d743bf6c77fa7a6653c99387a8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e3bf3a8b1345e2c0c0bdd6ff4e06add0bb9355989cc78c5a669156b3459c754
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8217131E0D64242EB549F59F49022AABA1FF897B0F140635EA6D83AF6DE7DD4548700
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2506987500-0
                                                                                                                                                                                                                                                    • Opcode ID: 7a7efe5704aebd884d83a549bac9021180a30b6e3a5084d39c82c78793c2ea5e
                                                                                                                                                                                                                                                    • Instruction ID: fffff04065a5bd545b130111dfc9c13879a23183711de01dfb03f02fa31f3e3a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a7efe5704aebd884d83a549bac9021180a30b6e3a5084d39c82c78793c2ea5e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0521AC24F0F64A42FA65AF62565A13D61424F4C7B2F048734E93EC6AF7DE2DB4428314
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: GetCurrentProcess.KERNEL32 ref: 00007FF6AB548780
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: OpenProcessToken.ADVAPI32 ref: 00007FF6AB548793
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: GetTokenInformation.ADVAPI32 ref: 00007FF6AB5487B8
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: GetLastError.KERNEL32 ref: 00007FF6AB5487C2
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: GetTokenInformation.ADVAPI32 ref: 00007FF6AB548802
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6AB54881E
                                                                                                                                                                                                                                                      • Part of subcall function 00007FF6AB548760: CloseHandle.KERNEL32 ref: 00007FF6AB548836
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF6AB543C55), ref: 00007FF6AB54916C
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,00007FF6AB543C55), ref: 00007FF6AB549175
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                    • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                                    • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                                    • Opcode ID: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                                                                    • Instruction ID: 85b6bcc230640654b50b429be8a5dbbb56b02950534f530d9649efe50dc2e3cf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3eb7115bd34229e0b110e4578eeeb93c66e7230f7a251aed45e8d0dbb8b27e08
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB214B31A1AB8285E614AF10E9253EA6362FF8D780F884435EA4DD37A7DF3DE8558740
APIs
• GetLastError.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B347
• FlsSetValue.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B37D
• FlsSetValue.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B3AA
• FlsSetValue.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B3BB
• FlsSetValue.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B3CC
• SetLastError.KERNEL32(?,?,?,00007FF6AB554F81,?,?,?,?,00007FF6AB55A4FA,?,?,?,?,00007FF6AB5571FF), ref: 00007FF6AB55B3E7
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: Value$ErrorLast
• String ID:
• API String ID: 2506987500-0
• Opcode ID: 6c88e88182f069636ae7df0ba171e708af9cab9deaf2d86c464056bb8d47fe11
• Instruction ID: b923ecddb100d7f697bf17c1eaeb9e22aad07c9678033c995103dca812d1787b
• Opcode Fuzzy Hash: 6c88e88182f069636ae7df0ba171e708af9cab9deaf2d86c464056bb8d47fe11
• Instruction Fuzzy Hash: CB118C34B0F78282FA55AF22569513D62525F4C7B2F098734E82ED67F7DE2DE4418308
APIs
• GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6AB541B6A), ref: 00007FF6AB54295E
Strings
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: CurrentProcess
• String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
• API String ID: 2050909247-2962405886
• Opcode ID: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
• Instruction ID: 7c88fd4b9c5834adce59b3320091b81df3b3e11fefbeeb0cfb5bf0ce9b401f5a
• Opcode Fuzzy Hash: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
• Instruction Fuzzy Hash: 7931D422B1A68552E720AF61B8516EB6695BF8C7D4F400132EE8DC376AEF3CD5568700
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
• String ID: Unhandled exception in script
• API String ID: 3081866767-2699770090
• Opcode ID: dd10c28d74256616f4f20b34f0e4914686707bcd8d030bd0fddff274f11205b5
• Instruction ID: 306a2b85a905875774fc37ac79c8b2fc345271074cf825978246346cd473d746
• Opcode Fuzzy Hash: dd10c28d74256616f4f20b34f0e4914686707bcd8d030bd0fddff274f11205b5
• Instruction Fuzzy Hash: C6316F76A1AA8289EB20EF61EC552F96361FF8D784F440135EA4D8BB6ADF3CD105C700
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
• Associated: 00000002.00000002.2606988966.00007FFE75CA0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75CA6000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D04000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D53000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607277883.00007FFE75DAF000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607302537.00007FFE75DB1000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
Similarity
• API ID: Arg_ArgumentReadyUnicode_
• String ID: a unicode character$argument$decomposition
• API String ID: 1875788646-2471543666
• Opcode ID: d5f8e1d1838016190bef5668ce4da4a2cda0a1ddf47b54ab3442ce62d4983cc2
• Instruction ID: 827f8d58fbb0811554b61a8c9fecc357dfdaccf6bd74a77d988bf4e7ad9f5eb6
• Opcode Fuzzy Hash: d5f8e1d1838016190bef5668ce4da4a2cda0a1ddf47b54ab3442ce62d4983cc2
• Instruction Fuzzy Hash: DC219F63F2874682FB64CB15DCA13792692EF84FA4F444135DA2D4A2E4DE6DE8458342
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
• Associated: 00000002.00000002.2606988966.00007FFE75CA0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75CA6000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D04000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D53000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607277883.00007FFE75DAF000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607302537.00007FFE75DB1000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
Similarity
• API ID: Arg_ArgumentReadyUnicode_
• String ID: a unicode character$argument$east_asian_width
• API String ID: 1875788646-3913127203
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6AB54918F,?,00007FF6AB543C55), ref: 00007FF6AB542BA0
                                                                                                                                                                                                                                                    • MessageBoxW.USER32 ref: 00007FF6AB542C2A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                                    • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                                    • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                                                    • String ID: not a numeric character
                                                                                                                                                                                                                                                    • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                                                    • String ID: not a decimal
                                                                                                                                                                                                                                                    • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Arg_Buffer_Err_ParseReleaseSizeStringTuple_
                                                                                                                                                                                                                                                    • String ID: BrotliEncoderCompressStream failed while processing the stream$y*:process
                                                                                                                                                                                                                                                    • API String ID: 2872489292-243030088
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                                                    • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                                                    • API String ID: 3673501854-3989975041
                                                                                                                                                                                                                                                    • Opcode ID: 4f9c832924a9756495b7a5c9d469443539cf620dd58ed21d3cdd85e935500ac7
                                                                                                                                                                                                                                                    • Instruction ID: e53f8edccc12b926cfcf6706f9f70e2a8f2634a79be048d4881323f611547875
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f9c832924a9756495b7a5c9d469443539cf620dd58ed21d3cdd85e935500ac7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1F01927A29B8A95EF05CB11AC142B57AA5BF08F81B441431C96E063B5EF3CE084C312
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                    • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                                    • Instruction ID: 3926b9e04d882f4d36dcf4b8d51ce8cc7b13dfe20b0c8205dbf48bc57a1b802a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92F06261B0A70681FB108F24E8557796320EF4D772F580735CAAE866F5DF2DD185C304
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _set_statfp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1156100317-0
                                                                                                                                                                                                                                                    • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                    • Instruction ID: 22d55f834df6861f3d6b058d7bb6475345424bcc17d14c2fbb8052e0c90078a5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42112172E5EA9301FB642D24D47637521447F5D376F1C4634EBAEC66FBCE2CA9814104
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF6AB55A613,?,?,00000000,00007FF6AB55A8AE,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55B41F
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB55A613,?,?,00000000,00007FF6AB55A8AE,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55B43E
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB55A613,?,?,00000000,00007FF6AB55A8AE,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55B466
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB55A613,?,?,00000000,00007FF6AB55A8AE,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55B477
                                                                                                                                                                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF6AB55A613,?,?,00000000,00007FF6AB55A8AE,?,?,?,?,?,00007FF6AB55A83A), ref: 00007FF6AB55B488
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                                    • Opcode ID: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                                                                    • Instruction ID: ceca546a04f8fe7517eb78e7f14e77dcfbb0e74f46ccf1177b34f681200eca6c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43a5c13e669b9c0dc60c9d5204f3187f9cebb30c335aac4df6ce1d0b58ad24f5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66117C20B0F74281FA69AF22565517961575F8C7B2F488734E93EC66F7DE2DF4418308
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                                    • Opcode ID: 8aa69c65082f5ed190463b1c2d732539134b8ecb86da000f77e4666776fecf75
                                                                                                                                                                                                                                                    • Instruction ID: 813aee53b083609b9bcd3c9955e1020f9fd58711e4723dc0cfa35a511c8c3449
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8aa69c65082f5ed190463b1c2d732539134b8ecb86da000f77e4666776fecf75
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B113924F0F34B81FA69AE66445627E11424F4D372F488B34D93EDA2F3DD2DB4428719
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: verbose
                                                                                                                                                                                                                                                    • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                                    • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                                    • Instruction ID: 74bbec56d395aa4a5ab3d351808b0e4d8243c878e71d08b2222664bf435ac083
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B91B132A0AA8A85F7618E25D45037D37A1AF48B96F448336DA5DC73E7DF3CE8458309
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                                    • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                    • Opcode ID: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                                                                    • Instruction ID: 0d58a91aac3866d698f7e8628e4852570d3f165194f5c90177adf272f2e29297
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF81E172E0E38386F7A45FA5C10027836A0AF1DB49F558234DA09D76BBDF2DF9418309
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                                    • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                    • Opcode ID: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                                                                                    • Instruction ID: 49fba652ead74db22450c8d555c56bf3747f293538122888df5c134f1f65596a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED5193329093828AEB748F6990443A877A2FB59B94F145135EB5D877EACF3CE470CB01
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                    • Opcode ID: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                                                                    • Instruction ID: 0f00d5e2ca8de579551502e28f0c05e326f2cd114b13d21c4f75b7daa34c374e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B61C332909BC585EB618F15E4403AAB7A1FB89B84F044235EB9D43BA6DF7CD1A0CB00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                                                                                    • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                                    • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                                    • Opcode ID: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                                                                    • Instruction ID: 1aff56844466a7d2e89c68126321a7954e187a0f387d7352635049a110ae6233
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B21DE72B1AB4182E710DF24F8457EA73A5FB8C780F400132EA8D9766ADE3CD655C700
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • PyErr_SetString.PYTHON310(?,?,?,?,?,00007FFE75CA1EAC), ref: 00007FFE75CA3B59
                                                                                                                                                                                                                                                      • Part of subcall function 00007FFE75CA1FA0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFE75CA1FD8
                                                                                                                                                                                                                                                      • Part of subcall function 00007FFE75CA1FA0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFE75CA1FF6
                                                                                                                                                                                                                                                    • PyErr_Format.PYTHON310 ref: 00007FFE75CA1F23
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2606988966.00007FFE75CA0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607035992.00007FFE75CA6000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607035992.00007FFE75D04000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607035992.00007FFE75D53000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607277883.00007FFE75DAF000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000002.00000002.2607302537.00007FFE75DB1000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                                                                    • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                                                    • API String ID: 3882229318-4056717002
                                                                                                                                                                                                                                                    • Opcode ID: 16bc881f184cb8364390d1ecc0752210c1df55cf4409d1ac5f55d1ad321c9066
                                                                                                                                                                                                                                                    • Instruction ID: f117bfdedf6379e9c2e44f5b2c2bbe8c79255c38f044ab42cff7604857acef58
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16bc881f184cb8364390d1ecc0752210c1df55cf4409d1ac5f55d1ad321c9066
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 82111FB7E28B8685EB40CB14EC843B47B61FB48F59F840531CA2D46271EF6DD18AC741
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Err_LongLong_String
                                                                                                                                                                                                                                                    • String ID: Invalid lgblock$Invalid lgblock. Can be 0 or in range 16 to 24.
                                                                                                                                                                                                                                                    • API String ID: 568964304-2070589380
                                                                                                                                                                                                                                                    • Opcode ID: 98ac89e9ae3e119ae39c4b923ceb1be476487f23198bc6fec9af8334a5baf927
                                                                                                                                                                                                                                                    • Instruction ID: 4b0e2b656008b80af487a2a819a1422eb598c4f0a67b009335ae6b1bc2467d5d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 98ac89e9ae3e119ae39c4b923ceb1be476487f23198bc6fec9af8334a5baf927
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13F054A3E2C71785FB154759E8842792291EF44F40FD49471D53C862B0EE6CE4D58B41
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Err_LongLong_String
                                                                                                                                                                                                                                                    • String ID: Invalid lgwin$Invalid lgwin. Range is 10 to 24.
                                                                                                                                                                                                                                                    • API String ID: 568964304-1865904581
                                                                                                                                                                                                                                                    • Opcode ID: 7bd72e1ab808d5623974b6b25a33f8bd190c734804e523a2af81955fbb258cdb
                                                                                                                                                                                                                                                    • Instruction ID: a65c201d7c0cdad292968bdbc4993e54db9f436c922176284456b0468d948187
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7bd72e1ab808d5623974b6b25a33f8bd190c734804e523a2af81955fbb258cdb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DF0A7B3E287028AE7158B59D88427923A0EF44F54F545031C62D0A270EF7D94D5CF05
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Err_LongLong_String
                                                                                                                                                                                                                                                    • String ID: Invalid quality$Invalid quality. Range is 0 to 11.
                                                                                                                                                                                                                                                    • API String ID: 568964304-3078312006
                                                                                                                                                                                                                                                    • Opcode ID: bf0f2c2d88753ce6f75839a482aaea8b1615882223bf6accab7f266c8a4c0845
                                                                                                                                                                                                                                                    • Instruction ID: 777e2d2a504b4b3a9ccec5f929a46d16675f771f7f49bb40722e13cf4c9f7292
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf0f2c2d88753ce6f75839a482aaea8b1615882223bf6accab7f266c8a4c0845
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92F0A0A3E28B028AF7118B59D98027923A0EF48F55F845031C92C4A270EF2C94C6CF41
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memmove$exit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 987259897-0
                                                                                                                                                                                                                                                    • Opcode ID: 79d9dcba4dee088979e62e56151a7632dd868efc27c5ebe9eaf823a5f0b8b74d
                                                                                                                                                                                                                                                    • Instruction ID: 26ec3e3f51ea46a045cfd47504ddeb4735f19b9dbc774ffcc7a07fa9d4d2f7e0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79d9dcba4dee088979e62e56151a7632dd868efc27c5ebe9eaf823a5f0b8b74d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78D16D77719B8182DA248B16E5447AAB3A5FB88FD4F048436CFAE17BA8DF3CD0558700
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memmove$exit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 987259897-0
                                                                                                                                                                                                                                                    • Opcode ID: 640fcf2c863d9de54116d5ac512887b9e22b6727d00535a97327216d7780aaef
                                                                                                                                                                                                                                                    • Instruction ID: e9fe20ee54f5aaab2bac03ac6986e4bf6020ad2f1c933185c5a527b3b7c8c748
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 640fcf2c863d9de54116d5ac512887b9e22b6727d00535a97327216d7780aaef
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12D16D63719B8582DA258B16E54836AB3A5FB88FD4F098435CFAE07BA4EF7CD054C710
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memmove$exit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 987259897-0
APIs
• log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFE75DF988A), ref: 00007FFE75DF920A
• log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFE75DF988A), ref: 00007FFE75DF924F
• log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFE75DF988A), ref: 00007FFE75DF9294
• memmove.VCRUNTIME140(00000000,?,?,00007FFE75DF988A), ref: 00007FFE75DF9355
Memory Dump Source
• Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
Similarity
• API ID: log2$memmove
• String ID:
• API String ID: 3336697533-0
APIs
• log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFE75DF8FCA), ref: 00007FFE75DF894A
• log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFE75DF8FCA), ref: 00007FFE75DF898F
• log2.API-MS-WIN-CRT-MATH-L1-1-0(00000000,?,?,00007FFE75DF8FCA), ref: 00007FFE75DF89D4
• memmove.VCRUNTIME140(00000000,?,?,00007FFE75DF8FCA), ref: 00007FFE75DF8A95
Memory Dump Source
• Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
Similarity
• API ID: log2$memmove
• String ID:
• API String ID: 3336697533-0
APIs
• GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AB55CFBB), ref: 00007FF6AB55D0EC
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6AB55CFBB), ref: 00007FF6AB55D177
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: ConsoleErrorLastMode
• String ID:
• API String ID: 953036326-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
• Associated: 00000002.00000002.2606988966.00007FFE75CA0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75CA6000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D04000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D53000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607277883.00007FFE75DAF000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607302537.00007FFE75DB1000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
Similarity
• API ID: strncmp
• String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
• API String ID: 1114863663-87138338
APIs
Memory Dump Source
• Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
Similarity
• API ID: memmove$exitmemset
• String ID:
• API String ID: 2725257846-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memset$exit
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2160831268-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memmove$exitmemset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2725257846-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memmove$exitmemset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2725257846-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memmove$exitmemset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2725257846-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: memmove$exitmemset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2725257846-0
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1956198572-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
Similarity
• API ID: exitmemmove
• String ID: @
• API String ID: 1790971451-2766056989
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo
• String ID: ?
• API String ID: 1286766494-1684325040
APIs
• _invalid_parameter_noinfo.LIBCMT ref: 00007FF6AB5590B6
  • Part of subcall function 00007FF6AB55A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9CE
  • Part of subcall function 00007FF6AB55A9B8: GetLastError.KERNEL32(?,?,?,00007FF6AB562D92,?,?,?,00007FF6AB562DCF,?,?,00000000,00007FF6AB563295,?,?,?,00007FF6AB5631C7), ref: 00007FF6AB55A9D8
• GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6AB54CC15), ref: 00007FF6AB5590D4
Strings
Memory Dump Source
• Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
Similarity
• API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
• String ID: C:\Users\user\Desktop\c56uoWlDXp.exe
• API String ID: 3580290477-3562500763
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
Similarity
• API ID: log2
• String ID: Tg]@
• API String ID: 4048861018-1367013573
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                    • String ID: U
                                                                                                                                                                                                                                                    • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                    • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                                                                    • Instruction ID: 9a05436b883c74c1a026580062199210f02af5cbb6482ffa167a8f0b78a28d0e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F041C372B1AA8181EB60CF25E4443A977A0FB89794F444131EE4DC7BA9EF3CD401C744
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2606860929.00007FF6AB541000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6AB540000, based on PE: true
• Associated: 00000002.00000002.2606836504.00007FF6AB540000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606893309.00007FF6AB56B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB57E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606921623.00007FF6AB581000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2606965783.00007FF6AB584000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ff6ab540000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                                    • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                                    • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                                                                    • Instruction ID: 788a44a058566f0fe2df519870d83fb93b2e18d304f716b88462ba0aebeb65d6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51018F22A1A24386F724AF60A4B627E23A0EF4D708F880136D54DC26B6DF7CE544CA14
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
• Associated: 00000002.00000002.2606988966.00007FFE75CA0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75CA6000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D04000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D53000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607277883.00007FFE75DAF000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607302537.00007FFE75DB1000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                                                    • String ID: no such name
                                                                                                                                                                                                                                                    • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                                                    • Opcode ID: 395a9204b06d10842d27ff1401529a2fab2db4c300028d58aebe2a064ec5b4ca
                                                                                                                                                                                                                                                    • Instruction ID: 82865472107ec5f02e3ffad0f4fcfed80d6df30c31972caa632962d337b8c8a0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 395a9204b06d10842d27ff1401529a2fab2db4c300028d58aebe2a064ec5b4ca
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A014F37E38B8681EA20CB11EC503B66660FB98F45F401031DA6D4A771EE2CE1458601
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607347427.00007FFE75DC1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE75DC0000, based on PE: true
• Associated: 00000002.00000002.2607325847.00007FFE75DC0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607394026.00007FFE75E15000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607449407.00007FFE75E87000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.2607470419.00007FFE75E88000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75dc0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Err_LongLong_String
                                                                                                                                                                                                                                                    • String ID: Invalid mode
                                                                                                                                                                                                                                                    • API String ID: 568964304-431149109
                                                                                                                                                                                                                                                    • Opcode ID: 2e3b143024fffb948b6d36cb644d747681586ed00adecaaa304b2e3236bd7830
                                                                                                                                                                                                                                                    • Instruction ID: dd7b9c00eb1b8fd89c20d572f415fe0b201d8d40ee0c9a56ce226171cebd571a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e3b143024fffb948b6d36cb644d747681586ed00adecaaa304b2e3236bd7830
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1F0E5A3E2870285F7125768D88427D23D0EF45F45FC85430CA2C866B0DE2C94D5CB00
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _PyObject_GC_New.PYTHON310(?,?,00000000,00007FFE75CA2523), ref: 00007FFE75CA2616
                                                                                                                                                                                                                                                    • PyObject_GC_Track.PYTHON310(?,?,00000000,00007FFE75CA2523), ref: 00007FFE75CA2648
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2607010719.00007FFE75CA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFE75CA0000, based on PE: true
• Associated: 00000002.00000002.2606988966.00007FFE75CA0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75CA6000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D04000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75D53000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607035992.00007FFE75DAC000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607277883.00007FFE75DAF000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.2607302537.00007FFE75DB1000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffe75ca0000_c56uoWlDXp.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object_$Track
                                                                                                                                                                                                                                                    • String ID: 3.2.0
                                                                                                                                                                                                                                                    • API String ID: 16854473-1786766648
                                                                                                                                                                                                                                                    • Opcode ID: 130b53709363e2619516061a5c988ffa53525eb8ea4b72339361dea2d0428f1f
                                                                                                                                                                                                                                                    • Instruction ID: 6d790c19874e0c9b77c38330a1474621d0fce1e71f0d691315fedc0fcd7927b9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 130b53709363e2619516061a5c988ffa53525eb8ea4b72339361dea2d0428f1f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01E07527E2AB4291EF15CB61AC442A43AA4FF48F55B540535CD6D02370EF3DE1A5C352