Windows Analysis Report
oKfMLwqaRZ.exe

Overview

General Information

Sample name: oKfMLwqaRZ.exe (renamed because original name is a hash value)
Original sample name: b40682ddc13c95e3c0228d09a3b6aae2.exe
Analysis ID: 1575317
MD5: b40682ddc13c95e3c0228d09a3b6aae2
SHA1: ffbac13d000872dbf5a0bce2b6addf5315e59532
SHA256: f40224ca24a6d189791058779eb4c9bab224caa58b00bd787b1ff981d285d5a4
Tags: exe, user-abuse_ch
Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • oKfMLwqaRZ.exe (PID: 7116 cmdline: "C:\Users\user\Desktop\oKfMLwqaRZ.exe" MD5: B40682DDC13C95E3C0228D09A3B6AAE2)
    • oKfMLwqaRZ.exe (PID: 2136 cmdline: "C:\Users\user\Desktop\oKfMLwqaRZ.exe" MD5: B40682DDC13C95E3C0228D09A3B6AAE2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: oKfMLwqaRZ.exe Virustotal: Detection: 19%
Source: oKfMLwqaRZ.exe ReversingLabs: Detection: 21%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 85.6% probability
Source: oKfMLwqaRZ.exe Joe Sandbox ML: detected
Source: oKfMLwqaRZ.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 0_2_00007FF685C085A0 FindFirstFileExW,FindClose,0_2_00007FF685C085A0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 0_2_00007FF685C079B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF685C079B0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 0_2_00007FF685C20B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF685C20B84
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 1_2_00007FF685C085A0 FindFirstFileExW,FindClose,1_2_00007FF685C085A0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 1_2_00007FF685C079B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF685C079B0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 1_2_00007FF685C20B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF685C20B84
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 1_2_00007FFE007A3280 FindFirstFileExW,FindNextFileW,FindClose,1_2_00007FFE007A3280
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 1_2_00007FFE007A303C FindFirstFileExW,FindNextFileW,FindClose,1_2_00007FFE007A303C
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703475059.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1703119908.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1705498153.0000021934A73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.
Source: oKfMLwqaRZ.exe, 00000000.00000003.1706571060.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000003.1714208002.0000023316AA6000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000003.1714161432.0000023316AA5000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: oKfMLwqaRZ.exe, 00000001.00000003.1713776141.0000023314B46000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000002.1716316170.00000233169C0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
Source: oKfMLwqaRZ.exe, 00000001.00000003.1714221752.0000023314AC0000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000003.1714536522.0000023314AFD000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000002.1715908378.0000023314AFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: oKfMLwqaRZ.exe, 00000001.00000002.1716086986.0000023316330000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: oKfMLwqaRZ.exe, 00000001.00000002.1715908378.0000023314AFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: oKfMLwqaRZ.exe, 00000001.00000003.1714221752.0000023314AC0000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000003.1714536522.0000023314AFD000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000002.1715908378.0000023314AFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: oKfMLwqaRZ.exe, 00000001.00000003.1714221752.0000023314AC0000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000003.1714536522.0000023314AFD000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000002.1715908378.0000023314AFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: oKfMLwqaRZ.exe, 00000000.00000003.1701189940.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1702177547.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1707120732.0000021934A80000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1707120732.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1701352343.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1708996539.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1701980077.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1707958040.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1710742416.0000021934A7C000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1701847150.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1710056473.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1710056473.0000021934A80000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1710742416.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.drString found in binary or memory: https://www.digicert.com/CPS0
Source: libcrypto-1_1.dll.0.dr String found in binary or memory: https://www.openssl.org/H
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: String function: 00007FF685C02760 appears 36 times
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: String function: 00007FF685C025F0 appears 100 times
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: oKfMLwqaRZ.exe, 00000000.00000003.1702308488.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1705580142.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1702761085.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1704116297.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1705888926.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703032782.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1701013983.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dll^ vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703206247.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1704375881.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1704026747.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1705977165.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1705230175.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1704201109.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1701189940.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1706150073.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1702177547.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1705690733.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703754063.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1702664649.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1701352343.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1704463031.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1706068120.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703380293.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703649488.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1708996539.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython38.dll. vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703845683.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703475059.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703937305.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703119908.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1702484606.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703562950.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1706419699.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1702576673.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1701980077.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1705412608.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1710280561.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1705318137.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1705498153.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1706332790.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1702856454.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1701847150.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ha vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1701847150.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1704290544.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1710056473.0000021934A73000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1706239763.0000021934A73000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1705794057.0000021934A73000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1702942938.0000021934A73000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1703292775.0000021934A73000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000000.00000003.1710742416.0000021934A73000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe Binary or memory string: OriginalFilename vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000001.00000003.1713123493.0000023314AF1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000001.00000002.1717952696.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamevcruntime140.dll^ vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000001.00000003.1712956016.0000023314AF0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000001.00000003.1713444263.0000023314AF1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000001.00000002.1717533155.00007FFDFB87F000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamepython38.dll. vs oKfMLwqaRZ.exe
Source: oKfMLwqaRZ.exe, 00000001.00000003.1713259344.0000023314AF0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs oKfMLwqaRZ.exe
Source: classification engine Classification label: mal56.winEXE@3/51@0/0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 0_2_00007FF685C029E0 GetLastError,FormatMessageW,MessageBoxW,0_2_00007FF685C029E0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe File created: C:\Users\user\AppData\Local\Temp\_MEI71162
Source: oKfMLwqaRZ.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: oKfMLwqaRZ.exe Virustotal: Detection: 19%
Source: oKfMLwqaRZ.exe ReversingLabs: Detection: 21%
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe File read: C:\Users\user\Desktop\oKfMLwqaRZ.exe
Source: unknown Process created: C:\Users\user\Desktop\oKfMLwqaRZ.exe "C:\Users\user\Desktop\oKfMLwqaRZ.exe"
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Process created: C:\Users\user\Desktop\oKfMLwqaRZ.exe "C:\Users\user\Desktop\oKfMLwqaRZ.exe"
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Section loaded: libffi-7.dll
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
Source: oKfMLwqaRZ.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: oKfMLwqaRZ.exe Static file information: File size 5915958 > 1048576
Source: oKfMLwqaRZ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: oKfMLwqaRZ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: oKfMLwqaRZ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: oKfMLwqaRZ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: oKfMLwqaRZ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: oKfMLwqaRZ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: oKfMLwqaRZ.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1705794057.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1706068120.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: oKfMLwqaRZ.exe, 00000000.00000003.1701980077.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1702177547.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1702856454.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: oKfMLwqaRZ.exe, 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1703475059.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1702576673.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1701847150.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1704375881.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1705580142.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1706150073.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: oKfMLwqaRZ.exe, 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1703119908.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1705230175.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1701189940.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1704201109.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1705498153.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1702664649.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.0.dr
Source: Binary string: vcruntime140.amd64.pdbGCTL source: oKfMLwqaRZ.exe, 00000000.00000003.1701013983.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000002.1717919042.00007FFE1A45E000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1703754063.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1702308488.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1702761085.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1705412608.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: .PdB] source: oKfMLwqaRZ.exe
Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1710056473.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1703937305.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: ucrtbase.pdbUGP source: oKfMLwqaRZ.exe, 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
Source: Binary string: vcruntime140.amd64.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1701013983.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000002.1717919042.00007FFE1A45E000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1706332790.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1703032782.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1704290544.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1703649488.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1702484606.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1d 10 Sep 2019built on: Mon Sep 16 11:00:37 2019 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1705318137.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: oKfMLwqaRZ.exe, 00000001.00000002.1717126407.00007FFDFB76D000.00000002.00000001.01000000.00000005.sdmp, python38.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1705888926.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1703380293.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1701980077.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1703845683.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1703562950.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1706419699.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1704026747.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1704463031.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.0.dr
Source: Binary string: C:\A\6\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1704116297.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1702942938.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1705977165.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1703292775.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1703206247.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1710742416.0000021934A7C000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1705690733.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: oKfMLwqaRZ.exe, 00000000.00000003.1706239763.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.0.dr
Source: oKfMLwqaRZ.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: oKfMLwqaRZ.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: oKfMLwqaRZ.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: oKfMLwqaRZ.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: oKfMLwqaRZ.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: ucrtbase.dll.0.dr Static PE information: 0x81CF5D89 [Wed Jan 5 14:32:41 2039 UTC]
Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 1_2_00007FFE0075A096 push rdi; ret 1_2_00007FFE0075A0A2
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 1_2_00007FFE00760200 push rdi; ret 1_2_00007FFE00760206
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 1_2_00007FFE0075A5B5 push rdi; ret 1_2_00007FFE0075A5BB
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 1_2_00007FFE0075FAED push rdi; ret 1_2_00007FFE0075FAF4
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Code function: 1_2_00007FFE1A45CB1B push rbp; retf 1_2_00007FFE1A45CB28
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe File created (dropped files) in C:\Users\user\AppData\Local\Temp\_MEI71162\:
  • api-ms-win-core-timezone-l1-1-0.dll
  • api-ms-win-core-handle-l1-1-0.dll
  • libffi-7.dll
  • api-ms-win-core-file-l1-2-0.dll
  • api-ms-win-core-libraryloader-l1-1-0.dll
  • _socket.pyd
  • api-ms-win-core-synch-l1-2-0.dll
  • api-ms-win-core-heap-l1-1-0.dll
  • api-ms-win-crt-math-l1-1-0.dll
  • api-ms-win-core-profile-l1-1-0.dll
  • api-ms-win-core-file-l2-1-0.dll
  • _hashlib.pyd
  • api-ms-win-crt-string-l1-1-0.dll
  • _lzma.pyd
  • python38.dll
  • _bz2.pyd
  • api-ms-win-core-datetime-l1-1-0.dll
  • api-ms-win-core-processenvironment-l1-1-0.dll
  • api-ms-win-crt-time-l1-1-0.dll
  • api-ms-win-crt-convert-l1-1-0.dll
  • api-ms-win-core-errorhandling-l1-1-0.dll
  • api-ms-win-crt-runtime-l1-1-0.dll
  • api-ms-win-crt-stdio-l1-1-0.dll
  • ucrtbase.dll
  • api-ms-win-core-console-l1-1-0.dll
  • api-ms-win-core-localization-l1-2-0.dll
  • api-ms-win-core-util-l1-1-0.dll
  • api-ms-win-core-synch-l1-1-0.dll
  • api-ms-win-core-processthreads-l1-1-1.dll
  • api-ms-win-core-processthreads-l1-1-0.dll
  • unicodedata.pyd
  • api-ms-win-core-interlocked-l1-1-0.dll
  • api-ms-win-core-file-l1-1-0.dll
  • api-ms-win-crt-process-l1-1-0.dll
  • api-ms-win-core-rtlsupport-l1-1-0.dll
  • api-ms-win-core-debug-l1-1-0.dll
  • api-ms-win-crt-environment-l1-1-0.dll
  • select.pyd
  • VCRUNTIME140.dll
  • api-ms-win-crt-heap-l1-1-0.dll
  • api-ms-win-crt-utility-l1-1-0.dll
  • api-ms-win-core-namedpipe-l1-1-0.dll
  • api-ms-win-core-sysinfo-l1-1-0.dll
  • api-ms-win-core-memory-l1-1-0.dll
  • api-ms-win-crt-filesystem-l1-1-0.dll
  • api-ms-win-core-string-l1-1-0.dll
  • api-ms-win-crt-locale-l1-1-0.dll
  • libcrypto-1_1.dll
  • api-ms-win-crt-conio-l1-1-0.dll
  • _ctypes.pyd
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C06EA0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF685C06EA0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Dropped PE file which has not been started, in C:\Users\user\AppData\Local\Temp\_MEI71162\:
  • api-ms-win-core-timezone-l1-1-0.dll
  • api-ms-win-core-handle-l1-1-0.dll
  • api-ms-win-core-console-l1-1-0.dll
  • api-ms-win-core-file-l1-2-0.dll
  • api-ms-win-core-libraryloader-l1-1-0.dll
  • _socket.pyd
  • api-ms-win-core-localization-l1-2-0.dll
  • api-ms-win-core-synch-l1-2-0.dll
  • api-ms-win-core-heap-l1-1-0.dll
  • api-ms-win-core-util-l1-1-0.dll
  • api-ms-win-crt-math-l1-1-0.dll
  • api-ms-win-core-synch-l1-1-0.dll
  • api-ms-win-core-profile-l1-1-0.dll
  • api-ms-win-core-processthreads-l1-1-1.dll
  • api-ms-win-core-file-l2-1-0.dll
  • _hashlib.pyd
  • api-ms-win-core-processthreads-l1-1-0.dll
  • unicodedata.pyd
  • api-ms-win-crt-string-l1-1-0.dll
  • api-ms-win-core-interlocked-l1-1-0.dll
  • api-ms-win-core-file-l1-1-0.dll
  • api-ms-win-crt-process-l1-1-0.dll
  • api-ms-win-core-rtlsupport-l1-1-0.dll
  • api-ms-win-crt-environment-l1-1-0.dll
  • api-ms-win-core-debug-l1-1-0.dll
  • _lzma.pyd
  • select.pyd
  • python38.dll
  • _bz2.pyd
  • api-ms-win-core-datetime-l1-1-0.dll
  • api-ms-win-crt-heap-l1-1-0.dll
  • api-ms-win-crt-utility-l1-1-0.dll
  • api-ms-win-crt-time-l1-1-0.dll
  • api-ms-win-core-processenvironment-l1-1-0.dll
  • api-ms-win-core-namedpipe-l1-1-0.dll
  • api-ms-win-core-sysinfo-l1-1-0.dll
  • api-ms-win-crt-convert-l1-1-0.dll
  • api-ms-win-core-errorhandling-l1-1-0.dll
  • api-ms-win-core-memory-l1-1-0.dll
  • api-ms-win-crt-filesystem-l1-1-0.dll
  • api-ms-win-crt-locale-l1-1-0.dll
  • api-ms-win-core-string-l1-1-0.dll
  • api-ms-win-crt-runtime-l1-1-0.dll
  • api-ms-win-crt-stdio-l1-1-0.dll
  • libcrypto-1_1.dll
  • api-ms-win-crt-conio-l1-1-0.dll
  • _ctypes.pyd
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17869
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeAPI coverage: 1.9 %
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C085A0 FindFirstFileExW,FindClose,0_2_00007FF685C085A0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C079B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF685C079B0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C20B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF685C20B84
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FF685C085A0 FindFirstFileExW,FindClose,1_2_00007FF685C085A0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FF685C079B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF685C079B0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FF685C20B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF685C20B84
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FFE007A3280 FindFirstFileExW,FindNextFileW,FindClose,1_2_00007FFE007A3280
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FFE007A303C FindFirstFileExW,FindNextFileW,FindClose,1_2_00007FFE007A303C
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FFE133101A4 GetSystemInfo,VirtualAlloc,1_2_00007FFE133101A4
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C19924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF685C19924
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C22790 GetProcessHeap,0_2_00007FF685C22790
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C0C62C SetUnhandledExceptionFilter,0_2_00007FF685C0C62C
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C0C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF685C0C44C
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C0BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF685C0BBC0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FF685C0C62C SetUnhandledExceptionFilter,1_2_00007FF685C0C62C
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FF685C19924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF685C19924
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FF685C0C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF685C0C44C
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FF685C0BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF685C0BBC0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FFE0077A184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE0077A184
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FFE007A0F20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE007A0F20
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FFE13306810 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE13306810
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FFE13305DF8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE13305DF8
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FFE133069F8 SetUnhandledExceptionFilter,1_2_00007FFE133069F8
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FFE148E5054 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFE148E5054
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FFE148E4A34 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE148E4A34
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 1_2_00007FFE1A45D414 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFE1A45D414
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeProcess created: C:\Users\user\Desktop\oKfMLwqaRZ.exe "C:\Users\user\Desktop\oKfMLwqaRZ.exe"Jump to behavior
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C28880 cpuid 0_2_00007FF685C28880
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,1_2_00007FFE0079D2E0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: GetPrimaryLen,EnumSystemLocalesW,1_2_00007FFE0079F3C4
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: EnumSystemLocalesW,1_2_00007FFE0079F35C
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: GetPrimaryLen,EnumSystemLocalesW,1_2_00007FFE0079F478
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_00007FFE0079F8C0
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_00007FFE0079FA48
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: GetProcAddress,GetLocaleInfoW,1_2_00007FFE0074DC20
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Desktop\oKfMLwqaRZ.exe VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162 VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-console-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-datetime-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-debug-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-errorhandling-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-file-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-file-l1-2-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-file-l2-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-handle-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-libraryloader-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-namedpipe-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-processenvironment-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-rtlsupport-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-synch-l1-2-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-filesystem-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-time-l1-1-0.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI71162\libcrypto-1_1.dll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Desktop\CURQNKVOIX VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Documents VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Documents\DVWHKMNFNN VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Documents\GAOBCVIQIJ VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Documents\HTAGVDFUIE VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Documents\KATAXZVCPS VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Documents\My Music VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Documents\My Pictures VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Pictures\Camera Roll VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Pictures\Saved Pictures VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Documents\My Videos VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Documents\RAYHIWGKDI VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Documents\UOOJJOZIRH VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Documents\YPSIACHYXW VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Pictures VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Queries volume information: C:\Users\user\Music VolumeInformation
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C0C330 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF685C0C330
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exeCode function: 0_2_00007FF685C24F10 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF685C24F10
Source: C:\Users\user\Desktop\oKfMLwqaRZ.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Timestomp | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 34 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Source | Detection | Scanner | Label
oKfMLwqaRZ.exe | 19% | Virustotal |
oKfMLwqaRZ.exe | 21% | ReversingLabs | Win64.Malware.Generic
oKfMLwqaRZ.exe | 100% | Joe Sandbox ML |
Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\_MEI71162\VCRUNTIME140.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\VCRUNTIME140.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI71162\_bz2.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\_bz2.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI71162\_ctypes.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\_ctypes.pyd | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\_MEI71162\_hashlib.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\_lzma.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\_socket.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-heap-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-locale-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-math-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-process-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-runtime-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-stdio-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-string-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-time-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\api-ms-win-crt-utility-l1-1-0.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\libcrypto-1_1.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\libffi-7.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\python38.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\select.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\ucrtbase.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\_MEI71162\unicodedata.pyd | 0% | ReversingLabs |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://crl.micg | 0% | Avira URL Cloud | safe
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | oKfMLwqaRZ.exe, 00000001.00000002.1716086986.0000023316330000.00000004.00001000.00020000.00000000.sdmp | false |  | high
http://python.org/dev/peps/pep-0263/ | python38.dll.0.dr | false |  | high
http://crl.thawte.com/ThawteTimestampingCA.crl0 | oKfMLwqaRZ.exe, 00000000.00000003.1701189940.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1702177547.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1707120732.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1701352343.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1708996539.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1701980077.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1707958040.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1701847150.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1710056473.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1710742416.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.dr, libffi-7.dll.0.dr | false |  | high
http://ocsp.thawte.com0 | oKfMLwqaRZ.exe, 00000000.00000003.1701189940.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1702177547.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1707120732.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1701352343.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1708996539.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1701980077.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1707958040.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1701847150.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1710056473.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1710742416.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, python38.dll.0.dr, select.pyd.0.dr, _socket.pyd.0.dr, _ctypes.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.dr, libffi-7.dll.0.dr | false |  | high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader | oKfMLwqaRZ.exe, 00000001.00000003.1714221752.0000023314AC0000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000003.1714536522.0000023314AFD000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000002.1715908378.0000023314AFE000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://www.openssl.org/H | libcrypto-1_1.dll.0.dr | false |  | high
http://crl.mic | oKfMLwqaRZ.exe, 00000000.00000003.1701013983.0000021934A73000.00000004.00000020.00020000.00000000.sdmp | false |  | high
http://crl.micg | oKfMLwqaRZ.exe, 00000000.00000003.1701013983.0000021934A73000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.microsoft. | oKfMLwqaRZ.exe, 00000000.00000003.1703475059.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1703119908.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000000.00000003.1705498153.0000021934A73000.00000004.00000020.00020000.00000000.sdmp | false |  | high
http://www.python.org/dev/peps/pep-0205/ | oKfMLwqaRZ.exe, 00000000.00000003.1706571060.0000021934A73000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000003.1714208002.0000023316AA6000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000003.1714161432.0000023316AA5000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.dr | false |  | high
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | oKfMLwqaRZ.exe, 00000001.00000003.1714221752.0000023314AC0000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000003.1714536522.0000023314AFD000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000002.1715908378.0000023314AFE000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py | oKfMLwqaRZ.exe, 00000001.00000002.1715908378.0000023314AFE000.00000004.00000020.00020000.00000000.sdmp | false |  | high
http://www.python.org/download/releases/2.3/mro/. | oKfMLwqaRZ.exe, 00000001.00000003.1713776141.0000023314B46000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000002.1716316170.00000233169C0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.dr | false |  | high
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy | oKfMLwqaRZ.exe, 00000001.00000003.1714221752.0000023314AC0000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000003.1714536522.0000023314AFD000.00000004.00000020.00020000.00000000.sdmp, oKfMLwqaRZ.exe, 00000001.00000002.1715908378.0000023314AFE000.00000004.00000020.00020000.00000000.sdmp | false |  | high
                            No contacted IP infos
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1575317
                            Start date and time:2024-12-15 09:10:08 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 4m 24s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:2
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:oKfMLwqaRZ.exe
                            renamed because original name is a hash value
                            Original Sample Name:b40682ddc13c95e3c0228d09a3b6aae2.exe
                            Detection:MAL
                            Classification:mal56.winEXE@3/51@0/0
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:Failed
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Stop behavior analysis, all processes terminated
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            No simulations
                            No context
                            Match | Associated Sample Name / URL | Detection | Threat Name
                            C:\Users\user\AppData\Local\Temp\_MEI71162\VCRUNTIME140.dll | mggoBrtk9t.exe | malicious | Amadey, RedLine
                             | yINR7uQlPr.exe | malicious | Amadey, RedLine
                             | file.exe | malicious | RedLine
                             | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, Vidar
                             | IYXE4Uz61k.exe | malicious | DCRat, PureLog Stealer, Xmrig, zgRAT
                             | JtmrbbWy9W.exe | malicious | Unknown
                             | file.exe | malicious | RedLine
                             | Microsoft.exe | malicious | CobaltStrike, Metasploit
                             | app.exe | malicious | Unknown
                             | SecuriteInfo.com.Trojan.Siggen29.60257.7997.27318.exe | malicious | MicroClip, RedLine
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):89752
                                                Entropy (8bit):6.5021374229557996
                                                Encrypted:false
                                                SSDEEP:1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
                                                MD5:0E675D4A7A5B7CCD69013386793F68EB
                                                SHA1:6E5821DDD8FEA6681BDA4448816F39984A33596B
                                                SHA-256:BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
                                                SHA-512:CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                • Antivirus: Virustotal, Detection: 0%
                                                Joe Sandbox View:
                                                • Filename: mggoBrtk9t.exe, Detection: malicious
                                                • Filename: yINR7uQlPr.exe, Detection: malicious
                                                • Filename: file.exe, Detection: malicious
                                                • Filename: file.exe, Detection: malicious
                                                • Filename: IYXE4Uz61k.exe, Detection: malicious
                                                • Filename: JtmrbbWy9W.exe, Detection: malicious
                                                • Filename: file.exe, Detection: malicious
                                                • Filename: Microsoft.exe, Detection: malicious
                                                • Filename: app.exe, Detection: malicious
                                                • Filename: SecuriteInfo.com.Trojan.Siggen29.60257.7997.27318.exe, Detection: malicious
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):84040
                                                Entropy (8bit):6.41469022264903
                                                Encrypted:false
                                                SSDEEP:1536:SSpo7/9ZwseNsUQJ8rbXis0WwOpcAE+8aoBnuRtApxbBVZIG4VJyI:SSW7lZws+bLwOpvEZa+uRWVVZIG4VF
                                                MD5:3DC8AF67E6EE06AF9EEC52FE985A7633
                                                SHA1:1451B8C598348A0C0E50AFC0EC91513C46FE3AF6
                                                SHA-256:C55821F5FDB0064C796B2C0B03B51971F073140BC210CBE6ED90387DB2BED929
                                                SHA-512:DA16BFBC66C8ABC078278D4D3CE1595A54C9EF43AE8837CEB35AE2F4757B930FE55E258827036EBA8218315C10AF5928E30CB22C60FF69159C8FE76327280087
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                • Antivirus: Virustotal, Detection: 0%
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):123464
                                                Entropy (8bit):5.886703955852103
                                                Encrypted:false
                                                SSDEEP:3072:qpG85kJGmH3c+5M333KvUPzeENGLf3Tz4ccUZw1IGVPE:qDSGT+5+KMPzyLf3TEcKu
                                                MD5:F1E33A8F6F91C2ED93DC5049DD50D7B8
                                                SHA1:23C583DC98AA3F6B8B108DB5D90E65D3DD72E9B4
                                                SHA-256:9459D246DF7A3C638776305CF3683946BA8DB26A7DE90DF8B60E1BE0B27E53C4
                                                SHA-512:229896DA389D78CBDF2168753ED7FCC72D8E0E62C6607A3766D6D47842C0ABD519AC4F5D46607B15E7BA785280F9D27B482954E931645337A152B8A54467C6A5
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                • Antivirus: Virustotal, Detection: 0%
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):45640
                                                Entropy (8bit):5.996546047346997
                                                Encrypted:false
                                                SSDEEP:768:8skeCps0iszzPFrGE/CBAdIPGV03ju774xxIGsIx7WDG4yw:81eCpLzDBZ+AdIPmYju7OxIGsIxWyw
                                                MD5:A6448BC5E5DA21A222DE164823ADD45C
                                                SHA1:6C26EB949D7EB97D19E42559B2E3713D7629F2F9
                                                SHA-256:3692FC8E70E6E29910032240080FC8109248CE9A996F0A70D69ACF1542FCA69A
                                                SHA-512:A3833C7E1CF0E4D181AC4DE95C5DFA685CF528DC39010BF0AC82864953106213ECCFF70785021CCB05395B5CF0DCB89404394327CD7E69F820D14DFA6FBA8CBA
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):252488
                                                Entropy (8bit):6.080982550390949
                                                Encrypted:false
                                                SSDEEP:6144:bkHDwqjhhwYbOqQNEkT/4OQhJwAbHoqLNvka/gOFhUw6b4qCNxkV/3OdhAWwPbGE:bd7/IbtSKOt
                                                MD5:37057C92F50391D0751F2C1D7AD25B02
                                                SHA1:A43C6835B11621663FA251DA421BE58D143D2AFB
                                                SHA-256:9442DC46829485670A6AC0C02EF83C54B401F1570D1D5D1D85C19C1587487764
                                                SHA-512:953DC856AD00C3AEC6AEAB3AFA2DEB24211B5B791C184598A2573B444761DB2D4D770B8B807EBBA00EE18725FF83157EC5FA2E3591A7756EB718EBA282491C7C
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):78920
                                                Entropy (8bit):6.061178831576516
                                                Encrypted:false
                                                SSDEEP:1536:KzMe79sDb+eGm08Vr5lcDAB9/s+7+pkaOz3CkNA9y1IGVwCyMPbi:de79u8/GFmAB9/se+pROz3jN1IGVw+Pm
                                                MD5:D6BAE4B430F349AB42553DC738699F0E
                                                SHA1:7E5EFC958E189C117ECCEF39EC16EBF00E7645A9
                                                SHA-256:587C4F3092B5F3E34F6B1E927ECC7127B3FE2F7FA84E8A3D0C41828583BD5CEF
                                                SHA-512:A8F8FED5EA88E8177E291B708E44B763D105907E9F8C9E046C4EEBB8684A1778383D1FBA6A5FA863CA37C42FD58ED977E9BB3A6B12C5B8D9AB6EF44DE75E3D1E
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20248
                                                Entropy (8bit):7.035406046605262
                                                Encrypted:false
                                                SSDEEP:384:iWEhWL4+QpBj0HRN7aebXQHRN7LgkSIlexkdT:Qv+qWaM8V6U
                                                MD5:B56D69079D2001C1B2AF272774B53A64
                                                SHA1:67EDE1C5A71412B11847F79F5A684EABAF00DE01
                                                SHA-256:F3A41D882544202B2E1BDF3D955458BE11FC7F76BA12668388A681870636F143
                                                SHA-512:7EB8FE111DD2E1F7E308B622461EB311C2B9FC4EF44C76E1DEF6C524EB7281D5522AF12211F1F91F651F2B678592D2997FE4CD15724F700DEAFF314A1737B3A8
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19736
                                                Entropy (8bit):7.0443036655888225
                                                Encrypted:false
                                                SSDEEP:384:vWEhW/4+QpBj0HRN7TQHRN7Gp1x09lge9://+qWT8Gps9
                                                MD5:5AF784F599437629DEEA9FE4E8EB4799
                                                SHA1:3C891B920FD2703EDD6881117EA035CED5A619F6
                                                SHA-256:7E5BD3EE263D09C7998E0D5FFA684906DDC56DA61536331C89C74B039DF00C7C
                                                SHA-512:4DF58513CF52511C0D2037CDC674115D8ED5A0ED4360EB6383CC6A798A7037F3F7F2D587797223ED7797CCD476F1C503B3C16E095843F43E6B87D55AD4822D70
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19736
                                                Entropy (8bit):7.049693596229206
                                                Encrypted:false
                                                SSDEEP:192:UPWEhWcHHV/McJW65FdQpBjSdHnhWgN7a8WckW65FdQHnhWgN7a8WshFoodqnajK:wWEhWmJ7QpBj0HRN7GQHRN7FhSIlexEk
                                                MD5:E1CA15CF0597C6743B3876AF23A96960
                                                SHA1:301231F7250431BD122B12ED34A8D4E8BB379457
                                                SHA-256:990E46D8F7C9574A558EBDFCB8739FBCCBA59D0D3A2193C9C8E66807387A276D
                                                SHA-512:7C9DACD882A0650BF2F553E9BC5647E6320A66021AC4C1ADC802070FD53DE4C6672A7BACFD397C51009A23B6762E85C8017895E9347A94D489D42C50FA0A1C42
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19736
                                                Entropy (8bit):7.0758779488098416
                                                Encrypted:false
                                                SSDEEP:384:FvfC5WEhWllQpBj0HRN77lQHRN7QSkclsHd/:Fi5uqWB8Q7/
                                                MD5:8D6599D7C4897DCD0217070CCA074574
                                                SHA1:25EACAAA4C6F89945E97388796A8C85BA6FB01FB
                                                SHA-256:A011260FAFAAAEFD7E7326D8D5290C6A76D55E5AF4E43FFA4DE5FEA9B08FA928
                                                SHA-512:E8E2E7C5BFF41CCAA0F77C3CFEE48DAC43C11E75688F03B719CC1D716DB047597A7A2CE25B561171EF259957BDCD9DD4345A0E0125DB2B36F31698BA178E2248
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):23320
                                                Entropy (8bit):6.972639549935684
                                                Encrypted:false
                                                SSDEEP:384:2BPvVX7WEhWXqEQpBj0HRN7UQHRN7mSIlexb:+PvVXDqHqWU8m6l
                                                MD5:642B29701907E98E2AA7D36EBA7D78B8
                                                SHA1:16F46B0E057816F3592F9C0A6671111EA2F35114
                                                SHA-256:5D72FEAC789562D445D745A55A99536FA9302B0C27B8F493F025BA69BA31941C
                                                SHA-512:1BEAB2B368CC595BEB39B2F5A2F52D334BC42BF674B8039D334C6D399C966AFF0B15876105F0A4A54FA08E021CB44907ED47D31A0AF9E789EB4102B82025CF57
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19736
                                                Entropy (8bit):7.053716052760641
                                                Encrypted:false
                                                SSDEEP:384:9ZWEhWwqEQpBj0HRN7xnE77QHRN7ICMlly:9ZJHqWNE778r
                                                MD5:F0C73F7454A5CE6FB8E3D795FDB0235D
                                                SHA1:ACDD6C5A359421D268B28DDF19D3BCB71F36C010
                                                SHA-256:2A59DD891533A028FAE7A81E690E4C28C9074C2F327393FAB17329AFFE53FD7B
                                                SHA-512:BD6CF4E37C3E7A1A3B36F42858AF1B476F69CAA4BA1FD836A7E32220E5EFF7CCC811C903019560844AF988A7C77CC41DC6216C0C949D8E04516A537DA5821A3E
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19736
                                                Entropy (8bit):7.113839950805383
                                                Encrypted:false
                                                SSDEEP:384:IVxWEhWnqEQpBj0HRN7HQHRN7YAXAXOVlTS:IVh6HqWH8lAH
                                                MD5:7D4D4593B478B4357446C106B64E61F8
                                                SHA1:8A4969C9E59D7A7485C8CC5723C037B20DEA5C9D
                                                SHA-256:0A6E2224CDE90A0D41926E8863F9956848FFBF19848E8855BD08953112AFC801
                                                SHA-512:7BC9C473705EC98BA0C1DA31C295937D97710CEDEFC660F6A5CB0512BAE36AD23BEBB2F6F14DF7CE7F90EC3F817B02F577317FDD514560AAB22CB0434D8E4E0B
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19736
                                                Entropy (8bit):7.052601866399419
                                                Encrypted:false
                                                SSDEEP:384:XWEhW2lQpBj0HRN7NkhXQHRN7vnR1lp1x09lgerA:37qWw8vRnpss
                                                MD5:7BC1B8712E266DB746914DB48B27EF9C
                                                SHA1:C76EB162C23865B3F1BD7978F7979D6BA09CCB60
                                                SHA-256:F82D05AEA21BCF6337EF45FBDAD6D647D17C043A67B44C7234F149F861A012B9
                                                SHA-512:DB6983F5F9C18908266DBF01EF95EBAE49F88EDC04A0515699EF12201AC9A50F09939B8784C75AE513105ADA5B155E5330BD42D70F8C8C48FE6005513AEFAD2A
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20248
                                                Entropy (8bit):7.028564065154355
                                                Encrypted:false
                                                SSDEEP:192:nZlrPWEhWcrIAjW65FdQpBjSdHnhWgN7a8WcA+0W65FdQHnhWgN7a8W1P5mzVEMW:ZlzWEhWKFQpBj0HRN7JGQHRN7rCMllq
                                                MD5:B071E761CEA670D89D7AE80E016CE7E6
                                                SHA1:C675BE753DBEF1624100F16674C2221A20CF07DD
                                                SHA-256:63FB84A49308B857804AE1481D2D53B00A88BBD806D257D196DE2BD5C385701E
                                                SHA-512:F2ECBDABA3516D92BD29DCCE618185F1755451D95C7DBBE23F8215318F6F300A9964C93EC3ED65C5535D87BE82B668E1D3025A7E325AF71A05F14E15D530D35F
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19736
                                                Entropy (8bit):7.064651561006373
                                                Encrypted:false
                                                SSDEEP:192:DPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8WcnKW65FdQHnhWgN7a8WwFoodqnajqxB:LWEhWFqEQpBj0HRN7XsQHRN7XSIlex7N
                                                MD5:1DCCF27F2967601CE6666C8611317F03
                                                SHA1:D8246DF2ED9EC4A8A719FD4B1DB4FD8A71EF679B
                                                SHA-256:6A83AB9A413AFD74D77A090F52784B0128527BEE9CB0A4224C59D5C75FC18387
                                                SHA-512:70B96D69D609211F8B9E05FA510EA7D574AE8DA3A6498F5C982AEE71635B8A749162247055B7BA21A884BFA06C1415B68912C463F0F1B6FFB9049F3532386877
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20248
                                                Entropy (8bit):7.078698929399523
                                                Encrypted:false
                                                SSDEEP:384:GvuBL3BXWEhWfnhLvQpBj0HRN7YQ3QHRN7Tp1x09lgek/:xBL3B3shLvqWYQ38Tps6
                                                MD5:569A7AC3F6824A04282FF708C629A6D2
                                                SHA1:FC0D78DE1075DFD4C1024A72074D09576D4D4181
                                                SHA-256:84C579A8263A87991CA1D3AEE2845E1C262FB4B849606358062093D08AFDC7A2
                                                SHA-512:E9CBFF82E32540F9230CEAD9063ACB1ACEB7CCC9F3338C0B7AD10B0AC70FF5B47C15944D0DCE33EA8405554AA9B75DE30B26AE2CA55DB159D45B6E64BC02A180
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22296
                                                Entropy (8bit):7.054401722955359
                                                Encrypted:false
                                                SSDEEP:384:WOMw3zdp3bwjGjue9/0jCRrndbkWEhWE6yQpBj0HRN7LFQHRN7l8pUclXr:WOMwBprwjGjue9/0jCRrndby/qWLF8l4
                                                MD5:1D75E7B9F68C23A195D408CF02248119
                                                SHA1:62179FC9A949D238BB221D7C2F71BA7C1680184C
                                                SHA-256:67EBE168B7019627D68064043680674F9782FDA7E30258748B29412C2B3D4C6B
                                                SHA-512:C2EE84A9AEAC34F7B51426D12F87BB35D8C3238BB26A6E14F412EA485E5BD3B8FB5B1231323D4B089CF69D8180A38DDD7FD593CC52CBDF250125AD02D66EEA9D
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20248
                                                Entropy (8bit):7.0496932942785735
                                                Encrypted:false
                                                SSDEEP:384:/qWEhW8nhLvQpBj0HRN78riQHRN7TaSIlexO:ADhLvqWR8W6s
                                                MD5:623283471B12F1BDB83E25DBAFAF9C16
                                                SHA1:ECBBA66F4DCA89A3FAA3E242E30AEFAC8DE02153
                                                SHA-256:9CA500775FEE9FF69B960D65040B8DC415A2EFDE2982A9251EE6A3E8DE625BC7
                                                SHA-512:54B69FFA2C263BE4DDADCA62FA2867FEA6148949D64C2634745DB3DCBC1BA0ECF7167F02FA53EFD69EAAEE81D617D914F370F26CA16EE5850853F70C69E9A61F
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19736
                                                Entropy (8bit):7.110045595478065
                                                Encrypted:false
                                                SSDEEP:384:nWEhWC5oQpBj0HRN7EODQHRN7nvp1x09lgefv:nNaqWEo8nvpsH
                                                MD5:61F70F2D1E3F22E976053DF5F3D8ECB7
                                                SHA1:7D224B7F404CDE960E6B7A1C449B41050C8E9C58
                                                SHA-256:2695761B010D22FDFDA2B5E73CF0AC7328CCC62B4B28101D5C10155DD9A48020
                                                SHA-512:1DDC568590E9954DB198F102BE99EABB4133B49E9F3B464F2FC7F31CC77D06D5A7132152F4B331332C42F241562EE6C7BF1C2D68E546DB3F59AB47EAF83A22CF
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20760
                                                Entropy (8bit):7.026463196608447
                                                Encrypted:false
                                                SSDEEP:384:UWWEhWsxlQpBj0HRN7l1khQHRN7kTPSIlexA:1DqWl1kh8kL62
                                                MD5:1322690996CF4B2B7275A7950BAD9856
                                                SHA1:502E05ED81E3629EA3ED26EE84A4E7C07F663735
                                                SHA-256:5660030EE4C18B1610FB9F46E66F44D3FC1CF714ECCE235525F08F627B3738D7
                                                SHA-512:7EDC06BFA9E633351291B449B283659E5DD9E706DD57ADE354BCE3AF55DF4842491AF27C7721B2ACC6948078BDFC8E9736FEC46E0641AF368D419C7ED6AEBD44
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21784
                                                Entropy (8bit):7.053725357941814
                                                Encrypted:false
                                                SSDEEP:384:5WXk1JzNcKSImWEhW1qEQpBj0HRN77S4QHRN7j8AXOVlTHxE:5bcKSdkHqW+48j/cE
                                                MD5:95612A8A419C61480B670D6767E72D09
                                                SHA1:3B94D1745AFF6AAFEFF87FED7F23E45473F9AFC9
                                                SHA-256:6781071119D66757EFA996317167904697216AD72D7C031AF4337138A61258D4
                                                SHA-512:570F15C2C5AA599332DD4CFB3C90DA0DD565CA9053ECF1C2C05316A7F623615DD153497E93B38DF94971C8ABF2E25BC1AAAF3311F1CDA432F2670B32C767012A
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20248
                                                Entropy (8bit):7.060875826104053
                                                Encrypted:false
                                                SSDEEP:384:iDfIeAWEhWY6yQpBj0HRN7wHQHRN7NjZSIlexL:NemTqWC8NV6d
                                                MD5:D6AD0F2652460F428C0E8FC40B6F6115
                                                SHA1:1A5152871ABC5CF3D4868A218DE665105563775E
                                                SHA-256:4EF09FA6510EEEBB4855B6F197B20A7A27B56368C63CC8A3D1014FA4231AB93A
                                                SHA-512:CEAFEEE932919BC002B111D6D67B7C249C85D30DA35DFBCEBD1F37DB51E506AC161E4EE047FF8F7BF0D08DA6A7F8B97E802224920BD058F8E790E6FA0EE48B22
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19224
                                                Entropy (8bit):7.1376464003004685
                                                Encrypted:false
                                                SSDEEP:192:tnjFPWEhWcCTQW65FdQpBjSdHnhWgN7a8Wc//W65FdQHnhWgN7a8WOR5mzVEMqnL:tnhWEhWnqQpBj0HRN7hQHRN7mCMll5i
                                                MD5:654D95515AB099639F2739685CB35977
                                                SHA1:9951854A5CF407051CE6CD44767BFD9BD5C4B0CC
                                                SHA-256:C4868E4CEBDF86126377A45BD829D88449B4AA031C9B1C05EDC47D6D395949D4
                                                SHA-512:9C9DD64A3AD1136BA62CCA14FC27574FAAEBC3DE1E371A86B83599260424A966DFD813991A5EF0B2342E0401CB99CE83CD82C19FCAE73C7DECDB92BAC1FB58A8
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20248
                                                Entropy (8bit):7.038577027863076
                                                Encrypted:false
                                                SSDEEP:384:QGeVdWEhWF4+QpBj0HRN7nKQHRN7KFcR8pUclXi:QGeVFp+qWK8AG8pUh
                                                MD5:E6B7681CCC718DDB69C48ABE8709FDD6
                                                SHA1:A518B705746B2C6276F56A2F1C996360B837D548
                                                SHA-256:4B532729988224FE5D98056CD94FC3E8B4BA496519F461EF5D9D0FF9D9402D4B
                                                SHA-512:89B20AFFAA23E674543F0F2E9B0A8B3ECD9A8A095E19D50E11C52CB205DAFDBF2672892FD35B1C45F16E78AE9B61525DE67DBE7673F8CA450AA8C42FEEAC0895
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19736
                                                Entropy (8bit):7.087741938037833
                                                Encrypted:false
                                                SSDEEP:384:nyMvfWEhWtJ7QpBj0HRN7n0QHRN7gTtAXOVlTF2:nyMvPq7qWn08gWd
                                                MD5:BCB412464F01467F1066E94085957F42
                                                SHA1:716C11B5D759D59DBFEC116874E382D69F9A25B6
                                                SHA-256:F040B6E07935B67599EA7E32859A3E93DB37FF4195B28B4451AD0D274DB6330E
                                                SHA-512:79EC0C5EE21680843C8B7F22DA3155B7607D5BE269F8A51056CC5F060AD3A48CED3B6829117262ABA1A90E692374B59DDFE92105D14179F631EFC0C863BFDECB
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21784
                                                Entropy (8bit):7.005386895286503
                                                Encrypted:false
                                                SSDEEP:384:Ddv3V0dfpkXc0vVaEWEhWYYxnhLvQpBj0HRN7gPZGQHRN7xuHNiWXhlhOY3:Ddv3VqpkXc0vVaS5ahLvqWSA8sNizM
                                                MD5:B98598657162DE8FBC1536568F1E5A4F
                                                SHA1:F7C020220025101638FD690D86C53D895A03E53C
                                                SHA-256:F596C72BE43DB3A722B7C7A0FD3A4D5AEA68267003986FBFD278702AF88EFA74
                                                SHA-512:AD5F46A3F4F6E64A5DCB85C328F1B8DAEFA94FC33F59922328FDCFEDC04A8759F16A1A839027F74B7D7016406C20AC47569277620D6B909E09999021B669A0D6
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20248
                                                Entropy (8bit):7.091480115020503
                                                Encrypted:false
                                                SSDEEP:384:ntZ3lWEhWFJ7QpBj0HRN7DdC8QHRN7cSIlexF:pa7qWDdC88c6H
                                                MD5:B751571148923D943F828A1DEB459E24
                                                SHA1:D4160404C2AA6AEAF3492738F5A6CE476A0584A6
                                                SHA-256:B394B1142D060322048FB6A8AC6281E4576C0E37BE8DA772BC970F352DD22A20
                                                SHA-512:26E252FF0C01E1E398EBDDCC5683A58CDD139161F2B63B65BDE6C3E943E85C0820B24486859C2C597AF6189DE38CA7FE6FA700975BE0650CB53C791CD2481C9D
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20760
                                                Entropy (8bit):7.031246620579023
                                                Encrypted:false
                                                SSDEEP:384:rB2WEhWC5oQpBj0HRN7xQHRN7sbSIlexe:rBs1aqWx8868
                                                MD5:8AEA681E0E2B9ABBF73A924003247DBB
                                                SHA1:5BAFC2E0A3906723F9B12834B054E6F44D7FF49F
                                                SHA-256:286068A999FE179EE91B289360DD76E89365900B130A50E8651A9B7ECE80B36D
                                                SHA-512:08C83A729036C94148D9A5CBC03647FA2ADEA4FBA1BBB514C06F85CA804EEFBF36C909CB6EDC1171DA8D4D5E4389E15E52571BAA6987D1F1353377F509E269AB
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19736
                                                Entropy (8bit):7.126809628880692
                                                Encrypted:false
                                                SSDEEP:192:DPWEhWcG6SJxHW65FdQpBjSdHnhWgN7a8Wcb8W65FdQHnhWgN7a8Wbv8p2kacqnd:LWEhWP6yQpBj0HRN7reQHRN7c8pUclXM
                                                MD5:EAB486E4719B916CAD05D64CD4E72E43
                                                SHA1:876C256FB2AEB0B25A63C9EE87D79B7A3C157EAD
                                                SHA-256:05FE96FAA8429992520451F4317FBCEBA1B17716FA2CAF44DDC92EDE88CE509D
                                                SHA-512:C50C3E656CC28A2F4F6377BA24D126BDC248A3125DCA490994F8CACE0A4903E23346AE937BB5B0A333F7D39ECE42665AE44FDE2FD5600873489F3982151A0F5D
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):19736
                                                Entropy (8bit):7.050436266578937
                                                Encrypted:false
                                                SSDEEP:192:VPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8Wcx/YaWW65FdQHnhWgN7a8Wu08p2kacE:dWEhWxqEQpBj0HRN7FwQHRN7k8pUclXS
                                                MD5:EDD61FF85D75794DC92877F793A2CEF6
                                                SHA1:DE9F1738FC8BF2D19AA202E34512EC24C1CCB635
                                                SHA-256:8ACA888849E9089A3A56FA867B16B071951693AB886843CFB61BD7A5B08A1ECE
                                                SHA-512:6CEF9B256CDCA1A401971CA5706ADF395961B2D3407C1FFF23E6C16F7E2CE6D85D946843A53532848FCC087C18009C08F651C6EB38112778A2B4B33E8C64796C
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20760
                                                Entropy (8bit):7.043213792651867
                                                Encrypted:false
                                                SSDEEP:384:0N+WEhW+FQpBj0HRN7N7rJQHRN7YSIlexs:ZjqW1rJ8Y6e
                                                MD5:22BFE210B767A667B0F3ED692A536E4E
                                                SHA1:88E0FF9C141D8484B5E34EAAA5E4BE0B414B8ADF
                                                SHA-256:F1A2499CC238E52D69C63A43D1E61847CF852173FE95C155056CFBD2CB76ABC3
                                                SHA-512:CBEA3C690049A73B1A713A2183FF15D13B09982F8DD128546FD3DB264AF4252CCD390021DEE54435F06827450DA4BD388BD6FF11B084C0B43D50B181C928FD25
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):23832
                                                Entropy (8bit):6.893758159434215
                                                Encrypted:false
                                                SSDEEP:384:ODyuWEhWjlQpBj0HRN7ubJlUQHRN7sXhlhOq:qMqWuzU8lq
                                                MD5:DA5E087677C8EBBC0062EAC758DFED49
                                                SHA1:CA69D48EFA07090ACB7AE7C1608F61E8D26D3985
                                                SHA-256:08A43A53A66D8ACB2E107E6FC71213CEDD180363055A2DC5081FE5A837940DCE
                                                SHA-512:6262E9A0808D8F64E5F2DFAD5242CD307E2F5EAA78F0A768F325E65C98DB056C312D79F0B3E63C74E364AF913A832C1D90F4604FE26CC5FB05F3A5A661B12573
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20248
                                                Entropy (8bit):7.034562111482961
                                                Encrypted:false
                                                SSDEEP:192:I8PWEhWck+4cW65FdQpBjSdHnhWgN7a8Wcl4zKW65FdQHnhWgN7a8W5kX5mzVEMq:9WEhWi4+QpBj0HRN71/QHRN7ckwCMllO
                                                MD5:33A0FE1943C5A325F93679D6E9237FEE
                                                SHA1:737D2537D602308FC022DBC0C29AA607BCDEC702
                                                SHA-256:5AF7AA065FFDBF98D139246E198601BFDE025D11A6C878201F4B99876D6C7EAC
                                                SHA-512:CAB7FCAA305A9ACE1F1CC7077B97526BEBC0921ADF23273E74CD42D7FE99401D4F7EDE8ECB9847B6734A13760B9EBE4DBD2465A3DB3139ED232DBEF68FB62C54
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):21784
                                                Entropy (8bit):7.046057210626605
                                                Encrypted:false
                                                SSDEEP:384:h81nWm5CcWEhWke9HQpBj0HRN7KQhv2kQHRN7yAXOVlTnG:hOnWm5C6DMHqWKmuk8pb
                                                MD5:633DCA52DA4EBAA6F4BF268822C6DC88
                                                SHA1:1EBFC0F881CE338D2F66FCC3F9C1CBB94CDC067E
                                                SHA-256:424FD5D3D3297A8AB1227007EF8DED5A4F194F24BD573A5211BE71937AA55D22
                                                SHA-512:ED058525EE7B4CC7E12561C7D674C26759A4301322FF0B3239F3183911CE14993614E3199D8017B9BFDE25C8CB9AC0990D318BB19F3992624B39EC0F084A8DF1
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20760
                                                Entropy (8bit):7.011889321604509
                                                Encrypted:false
                                                SSDEEP:384:eQWEhWxFQpBj0HRN7o8/QHRN7/cPcSIlexP:eWGqWo8/8/l6B
                                                MD5:43BF2037BFD3FB60E1FEDAC634C6F86E
                                                SHA1:959EEBE41D905AD3AFA4254A52628EC13613CF70
                                                SHA-256:735703C0597DA278AF8A6359FC051B9E657627F50AD5B486185C2EF328AD571B
                                                SHA-512:7042846C009EFEA45CA5FAFDC08016ECA471A8C54486BA03F212ABBA47467F8744E9546C8F33214620F97DBCC994E3002788AD0DB65B86D8A3E4FF0D8A9D0D05
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20248
                                                Entropy (8bit):7.08402114712403
                                                Encrypted:false
                                                SSDEEP:384:29DWEhWXFQpBj0HRN7lbQHRN7s8SIlexeXC:kkqWN8L6cXC
                                                MD5:D51BC845C4EFBFDBD68E8CCFFDAD7375
                                                SHA1:C82E580EC68C48E613C63A4C2F9974BB59182CF6
                                                SHA-256:89D9F54E6C9AE1CB8F914DA1A2993A20DE588C18F1AAF4D66EFB20C3A282C866
                                                SHA-512:2E353CF58AD218C3E068A345D1DA6743F488789EF7C6B96492D48571DC64DF8A71AD2DB2E5976CFD04CF4B55455E99C70C7F32BD2C0F4A8BED1D29C2DAFC17B0
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):28952
                                                Entropy (8bit):6.688687241998293
                                                Encrypted:false
                                                SSDEEP:384:wZVacWM4Oe59Ckb1hgmLiWEhW1e9HQpBj0HRN7O2KQHRN7w3kclsHMkZT:wZVJWMq59Bb1jQuMHqWOz8Akx
                                                MD5:487F72D0CF7DC1D85FA18788A1B46813
                                                SHA1:0AABFF6D4EE9A2A56D40EE61E4591D4BA7D14C0D
                                                SHA-256:560BAF1B87B692C284CCBB82F2458A688757231B315B6875482E08C8F5333B3D
                                                SHA-512:B7F4E32F98BFDCF799331253FAEBB1FB08EC24F638D8526F02A6D9371C8490B27D03DB3412128CED6D2BBB11604247F3F22C8380B1BF2A11FB3BB92F18980185
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20760
                                                Entropy (8bit):7.028263219925353
                                                Encrypted:false
                                                SSDEEP:384:JitIlWEhWO5oQpBj0HRN7BXVQHRN7DEp1x09lgezq:w6paqWz8Apsm
                                                MD5:54A8FCA040976F2AAC779A344B275C80
                                                SHA1:EA1F01D6DCDF688EB0F21A8CB8A38F03BC777883
                                                SHA-256:7E90E7ACC69ACA4591CE421C302C7F6CDF8E44F3B4390F66EC43DFF456FFEA29
                                                SHA-512:CB20BED4972E56F74DE1B7BC50DC1E27F2422DBB302AECB749018B9F88E3E4A67C9FC69BBBB8C4B21D49A530CC8266172E7D237650512AAFB293CDFE06D02228
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):24344
                                                Entropy (8bit):6.897926491070706
                                                Encrypted:false
                                                SSDEEP:384:B42r77WEhWCFQpBj0HRN7SQHRN7oSIlexw40:B42r7DrqWS8o6x0
                                                MD5:21B509D048418922B92985696710AFCA
                                                SHA1:C499DD098AAB8C7E05B8B0FD55F994472D527203
                                                SHA-256:FE7336D2FB3B13A00B5B4CE055A84F0957DAEFDACE94F21B88E692E54B678AC3
                                                SHA-512:C517B02D4E94CF8360D98FD093BCA25E8AE303C1B4500CF4CF01F78A7D7EF5F581B99A0371F438C6805A0B3040A0E06994BA7B541213819BD07EC8C6251CB9BB
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):25880
                                                Entropy (8bit):6.843889819511554
                                                Encrypted:false
                                                SSDEEP:384:z3vAmiFVhFWEhWGqQpBj0HRN79XJQHRN7/SCMllJXq:zvYjoqW958/ga
                                                MD5:120A5DC2682CD2A838E0FC0EFD45506E
                                                SHA1:8710BE5D5E9C878669FF8B25B67FB2DEB32CD77A
                                                SHA-256:C14F0D929A761A4505628C4EB5754D81B88AA1FDAD2154A2F2B0215B983B6D89
                                                SHA-512:4330EDF9B84C541E5ED3BB672548F35EFA75C6B257C3215FC29BA6E152294820347517EC9BD6BDE38411EFA9074324A276CF0D7D905ED5DD88E906D78780760C
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):25880
                                                Entropy (8bit):6.8416401850774395
                                                Encrypted:false
                                                SSDEEP:768:p5yguNvZ5VQgx3SbwA71IkFZpMHqW74W8Lipsy:p5yguNvZ5VQgx3SbwA71IipMR747fy
                                                MD5:F22FACA49E4D5D80EC26ED31E7ECD0E0
                                                SHA1:473BCBFB78E6A63AFD720B5CBE5C55D9495A3D88
                                                SHA-256:1EB30EA95DAE91054A33A12B1C73601518D28E3746DB552D7CE120DA589D4CF4
                                                SHA-512:C8090758435F02E3659D303211D78102C71754BA12B0A7E25083FD3529B3894DC3AB200B02A2899418CC6ED3B8F483D36E6C2BF86CE2A34E5FD9AD0483B73040
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):22296
                                                Entropy (8bit):6.97368865913958
                                                Encrypted:false
                                                SSDEEP:384:SPEzaWEhW/slQpBj0HRN7sVQHRN7gkclsHTyt:Y0YRqWg8jyt
                                                MD5:2FD0DA47811B8ED4A0ABDF9030419381
                                                SHA1:46E3F21A9BD31013A804BA45DC90CC22331A60D1
                                                SHA-256:DE81C4D37833380A1C71A5401DE3AB4FE1F8856FC40D46D0165719A81D7F3924
                                                SHA-512:2E6F900628809BFD908590FE1EA38E0E36960235F9A6BBCCB73BBB95C71BFD10F75E1DF5E8CF93A682E4ADA962B06C278AFC9123AB5A4117F77D1686FF683D6F
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):20248
                                                Entropy (8bit):7.0800725103781765
                                                Encrypted:false
                                                SSDEEP:384:JBf5WEhWye9HQpBj0HRN7tKQHRN7jsAXOVlTBr:zf5dMHqWtK87U
                                                MD5:FE1096F1ADE3342F049921928327F553
                                                SHA1:118FB451AB006CC55F715CDF3B5E0C49CF42FBE0
                                                SHA-256:88D3918E2F063553CEE283306365AA8701E60FB418F37763B4719F9974F07477
                                                SHA-512:0A982046F0C93F68C03A9DD48F2BC7AEE68B9EEBEAEA01C3566B2384D0B8A231570E232168D4608A09136BCB2B1489AF802FD0C25348F743F0C1C8955EDD41C1
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                Category:dropped
                                                Size (bytes):841697
                                                Entropy (8bit):5.484581034394053
                                                Encrypted:false
                                                SSDEEP:24576:fhidp/tosQNRs54PK4IM7Vw59bfCEnXTR32k:fhidp/tosQNRs54PK4Ip9F5
                                                MD5:F4981249047E4B7709801A388E2965AF
                                                SHA1:42847B581E714A407A0B73E5DAB019B104EC9AF2
                                                SHA-256:B191E669B1C715026D0732CBF8415F1FF5CFBA5ED9D818444719D03E72D14233
                                                SHA-512:E8EF3FB3C9D5EF8AE9065838B124BA4920A3A1BA2D4174269CAD05C1F318BC9FF80B1C6A6C0F3493E998F0587EF59BE0305BC92E009E67B82836755470BC1B13
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):3381792
                                                Entropy (8bit):6.094908167946797
                                                Encrypted:false
                                                SSDEEP:49152:Y4TKuk29SIU6i5fOjPWl+0rOh5PKToEGG9I+q4dNQbZQm9aGupuu9LoeiyPaRb84:YiV+CGQ4dtBMeiJRb8+1CPwDv3uFZjN
                                                MD5:BF83F8AD60CB9DB462CE62C73208A30D
                                                SHA1:F1BC7DBC1E5B00426A51878719196D78981674C4
                                                SHA-256:012866B68F458EC204B9BCE067AF8F4A488860774E7E17973C49E583B52B828D
                                                SHA-512:AE1BDDA1C174DDF4205AB19A25737FE523DCA6A9A339030CD8A95674C243D0011121067C007BE56DEF4EAEFFC40CBDADFDCBD1E61DF3404D6A3921D196DCD81E
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):32792
                                                Entropy (8bit):6.372276555451265
                                                Encrypted:false
                                                SSDEEP:384:JYnlpDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYPoBhT/A4:JYe0Vn5Q28J8qsqMttktuTSTWDG4yhRe
                                                MD5:4424BAF6ED5340DF85482FA82B857B03
                                                SHA1:181B641BF21C810A486F855864CD4B8967C24C44
                                                SHA-256:8C1F7F64579D01FEDFDE07E0906B1F8E607C34D5E6424C87ABE431A2322EBA79
                                                SHA-512:8ADB94893ADA555DE2E82F006AB4D571FAD8A1B16AC19CA4D2EFC1065677F25D2DE5C981473FABD0398F6328C1BE1EBD4D36668EA67F8A5D25060F1980EE7E33
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):4183112
                                                Entropy (8bit):6.420172758698049
                                                Encrypted:false
                                                SSDEEP:49152:wV6CJES/Za2BaobNruDPYRQYK8JCNNtkAz+/Q46VqNo9NYxwCFIInKHJCMjntPNj:MxB/aDUQNtufeNFIKHoMjzkDU
                                                MD5:D2A8A5E7380D5F4716016777818A32C5
                                                SHA1:FB12F31D1D0758FE3E056875461186056121ED0C
                                                SHA-256:59AB345C565304F638EFFA7C0236F26041FD06E35041A75988E13995CD28ACE9
                                                SHA-512:AD1269D1367F587809E3FBE44AF703C464A88FA3B2AE0BF2AD6544B8ED938E4265AAB7E308D999E6C8297C0C85C608E3160796325286DB3188A3EDF040A02AB7
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):26696
                                                Entropy (8bit):6.101296746249305
                                                Encrypted:false
                                                SSDEEP:768:6kYtqIDCNdwhBfAqXuqzz5H1IGqGbWDG4y4:6TnDCNCh93X7zzR1IGqG2y4
                                                MD5:6AE54D103866AAD6F58E119D27552131
                                                SHA1:BC53A92A7667FD922CE29E98DFCF5F08F798A3D2
                                                SHA-256:63B81AF5D3576473C17AC929BEA0ADD5BF8D7EA95C946CAF66CBB9AD3F233A88
                                                SHA-512:FF23F3196A10892EA22B28AE929330C8B08AB64909937609B7AF7BFB1623CD2F02A041FD9FAB24E4BC1754276BDAFD02D832C2F642C8ECDCB233F639BDF66DD0
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):1046080
                                                Entropy (8bit):6.649151787942547
                                                Encrypted:false
                                                SSDEEP:24576:L1foGwlaDT22+Pk+j2ZXCE6cctEMmxvSZX0ypCD3:JfoBR2+PfXWrT
                                                MD5:4E326FEEB3EBF1E3EB21EEB224345727
                                                SHA1:F156A272DBC6695CC170B6091EF8CD41DB7BA040
                                                SHA-256:3C60056371F82E4744185B6F2FA0C69042B1E78804685944132974DD13F3B6D9
                                                SHA-512:BE9420A85C82EEEE685E18913A7FF152FCEAD72A90DDCC2BCC8AB53A4A1743AE98F49354023C0A32B3A1D919BDA64B5D455F6C3A49D4842BBBA4AA37C1D05D67
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                Category:dropped
                                                Size (bytes):1096264
                                                Entropy (8bit):5.343512979675051
                                                Encrypted:false
                                                SSDEEP:12288:EGe9qQOZ67191SnFRFotduNFBjCmN/XlyCAx9++bBlhJk93cgewrxEeBc0bB:EGe9GK4oYhCc/+9nbDhG2wrxc0bB
                                                MD5:4C0D43F1A31E76255CB592BB616683E7
                                                SHA1:0A9F3D77A6E064BAEBACACC780701117F09169AD
                                                SHA-256:0F84E9F0D0BF44D10527A9816FCAB495E3D797B09E7BBD1E6BD666CEB4B6C1A8
                                                SHA-512:B8176A180A441FE402E86F055AA5503356E7F49E984D70AB1060DEE4F5F17FCEC9C01F75BBFF75CE5F4EF212677A6525804BE53646CC0D7817B6ED5FD83FD778
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                Entropy (8bit):7.9860937778360945
                                                TrID:
                                                • Win64 Executable GUI (202006/5) 92.65%
                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                • DOS Executable Generic (2002/1) 0.92%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:oKfMLwqaRZ.exe
                                                File size:5'915'958 bytes
                                                MD5:b40682ddc13c95e3c0228d09a3b6aae2
                                                SHA1:ffbac13d000872dbf5a0bce2b6addf5315e59532
                                                SHA256:f40224ca24a6d189791058779eb4c9bab224caa58b00bd787b1ff981d285d5a4
                                                SHA512:b186331b49e7821466fd003980f9ca57f5bcf41574c1d1893b8949d8a944ffe67f06d8a67d4bfdf4599fcd4f3282c36bed1fc8585e1f8dd541e8fdf121f48eeb
                                                SSDEEP:98304:ce0q2B/JWHioVQWJuhswoYv5eO0zo0Ahd6y0Naxxv8fqDDAx06btVUJFaeu8+qBC:cp0HiouWJysVYvsOaoyMxxvjDDAx0aec
                                                TLSH:DD56335462A00EE6FAF7913DD8A4C811D673B4270711E49B82E4462A7F276F0EE39F71
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Xhc.Xhc.Xhc...`._hc...f..hc...g.Rhc.....[hc...`.Qhc...g.Ihc...f.phc...b.Shc.Xhb..hc.K.g.Ahc.K.a.Yhc.RichXhc.........PE..d..
                                                Icon Hash:4a464cd47461e179
                                                Entrypoint:0x14000c0d0
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x140000000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x675D83A8 [Sat Dec 14 13:10:00 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:6
                                                OS Version Minor:0
                                                File Version Major:6
                                                File Version Minor:0
                                                Subsystem Version Major:6
                                                Subsystem Version Minor:0
                                                Import Hash:456e8615ad4320c9f54e50319a19df9c
                                                Instruction
                                                dec eax
                                                sub esp, 28h
                                                call 00007F34C90692FCh
                                                dec eax
                                                add esp, 28h
                                                jmp 00007F34C9068F1Fh
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                dec eax
                                                sub esp, 28h
                                                call 00007F34C90696C8h
                                                test eax, eax
                                                je 00007F34C90690C3h
                                                dec eax
                                                mov eax, dword ptr [00000030h]
                                                dec eax
                                                mov ecx, dword ptr [eax+08h]
                                                jmp 00007F34C90690A7h
                                                dec eax
                                                cmp ecx, eax
                                                je 00007F34C90690B6h
                                                xor eax, eax
                                                dec eax
                                                cmpxchg dword ptr [0003843Ch], ecx
                                                jne 00007F34C9069090h
                                                xor al, al
                                                dec eax
                                                add esp, 28h
                                                ret
                                                mov al, 01h
                                                jmp 00007F34C9069099h
                                                int3
                                                int3
                                                int3
                                                dec eax
                                                sub esp, 28h
                                                test ecx, ecx
                                                jne 00007F34C90690A9h
                                                mov byte ptr [00038425h], 00000001h
                                                call 00007F34C90687F5h
                                                call 00007F34C9069AE0h
                                                test al, al
                                                jne 00007F34C90690A6h
                                                xor al, al
                                                jmp 00007F34C90690B6h
                                                call 00007F34C90765EFh
                                                test al, al
                                                jne 00007F34C90690ABh
                                                xor ecx, ecx
                                                call 00007F34C9069AF0h
                                                jmp 00007F34C906908Ch
                                                mov al, 01h
                                                dec eax
                                                add esp, 28h
                                                ret
                                                int3
                                                int3
                                                inc eax
                                                push ebx
                                                dec eax
                                                sub esp, 20h
                                                cmp byte ptr [000383ECh], 00000000h
                                                mov ebx, ecx
                                                jne 00007F34C9069109h
                                                cmp ecx, 01h
                                                jnbe 00007F34C906910Ch
                                                call 00007F34C906963Eh
                                                test eax, eax
                                                je 00007F34C90690CAh
                                                test ebx, ebx
                                                jne 00007F34C90690C6h
                                                dec eax
                                                lea ecx, dword ptr [000383D6h]
                                                call 00007F34C90763E2h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3c76c | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x49000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x46000 | 0x2208 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x59000 | 0x768 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39dc0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39c80 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x450 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29210 | 0x29400 | aca64598002ecff9eefbc96554edf015 | False | 0.5511067708333334 | data | 6.4784482217419175 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12642 | 0x12800 | deee9e1eb2ec3e10788261c9e0925ff2 | False | 0.5245328336148649 | data | 5.7508579952352115 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x73d8 | 0xe00 | d0a288978c66419b180b35f625b6dce7 | False | 0.13532366071428573 | data | 1.8378139998458343 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x46000 | 0x2208 | 0x2400 | 74cf3ea22e0a1756984435d6f80f7da5 | False | 0.4671223958333333 | data | 5.259201915045256 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x49000 | 0xf41c | 0xf600 | 67d67d1491ed1bb007b5d15c2f5a8a9c | False | 0.8030837144308943 | data | 7.554978390832909 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x59000 | 0x768 | 0x800 | 71de9271648326ec88350e903470cf3e | False | 0.5576171875 | data | 5.283119454571673 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x49208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x4a0b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x4a958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x4aec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x543ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x56994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x57a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x57ea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x57f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, GetLastError, FormatMessageW, GetModuleFileNameW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, CreateDirectoryW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, GetEnvironmentStringsW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, WaitForSingleObject, Sleep, GetCurrentProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, IsProcessorFeaturePresent, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
                                                No network behavior found


                                                Target ID:0
                                                Start time:03:11:02
                                                Start date:15/12/2024
                                                Path:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\Desktop\oKfMLwqaRZ.exe"
                                                Imagebase:0x7ff685c00000
                                                File size:5'915'958 bytes
                                                MD5 hash:B40682DDC13C95E3C0228D09A3B6AAE2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true

                                                Target ID:1
                                                Start time:03:11:03
                                                Start date:15/12/2024
                                                Path:C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\Desktop\oKfMLwqaRZ.exe"
                                                Imagebase:0x7ff685c00000
                                                File size:5'915'958 bytes
                                                MD5 hash:B40682DDC13C95E3C0228D09A3B6AAE2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:true


                                                  Execution Graph

                                                  Execution Coverage:9.5%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:19.2%
                                                  Total number of Nodes:2000
                                                  Total number of Limit Nodes:69
16109->16111 16113 7ff685c1fd94 16110->16113 16111->16103 16112->16111 16115 7ff685c226ec 40 API calls 16112->16115 16122 7ff685c1fd99 16113->16122 16289 7ff685c226ec 16113->16289 16114->16128 16117 7ff685c1fe1a 16115->16117 16119 7ff685c1fd07 16116->16119 16120 7ff685c19c58 __free_lconv_mon 11 API calls 16117->16120 16124 7ff685c19c58 __free_lconv_mon 11 API calls 16119->16124 16125 7ff685c1fe24 16120->16125 16121 7ff685c1fdc5 16126 7ff685c19c58 __free_lconv_mon 11 API calls 16121->16126 16123 7ff685c1fee0 16122->16123 16129 7ff685c1dea8 _get_daylight 11 API calls 16122->16129 16127 7ff685c19c58 __free_lconv_mon 11 API calls 16123->16127 16124->16128 16125->16111 16125->16122 16126->16122 16127->16086 16128->16096 16128->16111 16253 7ff685c2643c 16128->16253 16130 7ff685c1fe68 16129->16130 16131 7ff685c1fe79 16130->16131 16132 7ff685c1fe70 16130->16132 16214 7ff685c197b4 16131->16214 16133 7ff685c19c58 __free_lconv_mon 11 API calls 16132->16133 16135 7ff685c1fe77 16133->16135 16140 7ff685c19c58 __free_lconv_mon 11 API calls 16135->16140 16137 7ff685c1ff1b 16139 7ff685c19c10 _isindst 17 API calls 16137->16139 16138 7ff685c1fe90 16298 7ff685c26554 16138->16298 16142 7ff685c1ff2f 16139->16142 16140->16086 16146 7ff685c1ff58 16142->16146 16153 7ff685c1ff68 16142->16153 16144 7ff685c1feb7 16147 7ff685c143f4 _get_daylight 11 API calls 16144->16147 16145 7ff685c1fed8 16149 7ff685c19c58 __free_lconv_mon 11 API calls 16145->16149 16148 7ff685c143f4 _get_daylight 11 API calls 16146->16148 16150 7ff685c1febc 16147->16150 16176 7ff685c1ff5d 16148->16176 16149->16123 16151 7ff685c19c58 __free_lconv_mon 11 API calls 16150->16151 16151->16135 16152 7ff685c2024b 16155 7ff685c143f4 _get_daylight 11 API calls 16152->16155 16153->16152 16154 7ff685c1ff8a 16153->16154 16156 7ff685c1ffa7 16154->16156 16317 7ff685c2037c 16154->16317 16157 7ff685c20250 16155->16157 16160 7ff685c2001b 16156->16160 16162 7ff685c1ffcf 16156->16162 16166 7ff685c2000f 16156->16166 16158 7ff685c19c58 
__free_lconv_mon 11 API calls 16157->16158 16158->16176 16164 7ff685c20043 16160->16164 16167 7ff685c1dea8 _get_daylight 11 API calls 16160->16167 16182 7ff685c1ffde 16160->16182 16161 7ff685c200ce 16175 7ff685c200eb 16161->16175 16183 7ff685c2013e 16161->16183 16332 7ff685c18a14 16162->16332 16164->16166 16169 7ff685c1dea8 _get_daylight 11 API calls 16164->16169 16164->16182 16166->16161 16166->16182 16338 7ff685c262fc 16166->16338 16171 7ff685c20035 16167->16171 16174 7ff685c20065 16169->16174 16170 7ff685c19c58 __free_lconv_mon 11 API calls 16170->16176 16177 7ff685c19c58 __free_lconv_mon 11 API calls 16171->16177 16172 7ff685c1fff7 16172->16166 16181 7ff685c2037c 45 API calls 16172->16181 16173 7ff685c1ffd9 16178 7ff685c143f4 _get_daylight 11 API calls 16173->16178 16179 7ff685c19c58 __free_lconv_mon 11 API calls 16174->16179 16180 7ff685c19c58 __free_lconv_mon 11 API calls 16175->16180 16177->16164 16178->16182 16179->16166 16184 7ff685c200f4 16180->16184 16181->16166 16182->16170 16183->16182 16185 7ff685c226ec 40 API calls 16183->16185 16187 7ff685c226ec 40 API calls 16184->16187 16190 7ff685c200fa 16184->16190 16186 7ff685c2017c 16185->16186 16188 7ff685c19c58 __free_lconv_mon 11 API calls 16186->16188 16192 7ff685c20126 16187->16192 16189 7ff685c20186 16188->16189 16189->16182 16189->16190 16191 7ff685c2023f 16190->16191 16195 7ff685c1dea8 _get_daylight 11 API calls 16190->16195 16194 7ff685c19c58 __free_lconv_mon 11 API calls 16191->16194 16193 7ff685c19c58 __free_lconv_mon 11 API calls 16192->16193 16193->16190 16194->16176 16196 7ff685c201cb 16195->16196 16197 7ff685c201dc 16196->16197 16198 7ff685c201d3 16196->16198 16223 7ff685c1f784 16197->16223 16199 7ff685c19c58 __free_lconv_mon 11 API calls 16198->16199 16201 7ff685c201da 16199->16201 16208 7ff685c19c58 __free_lconv_mon 11 API calls 16201->16208 16203 7ff685c2027f 16207 7ff685c19c10 _isindst 17 API calls 16203->16207 16204 7ff685c201f2 SetEnvironmentVariableW 16205 7ff685c20237 16204->16205 16206 
7ff685c20216 16204->16206 16211 7ff685c19c58 __free_lconv_mon 11 API calls 16205->16211 16209 7ff685c143f4 _get_daylight 11 API calls 16206->16209 16210 7ff685c20293 16207->16210 16208->16176 16212 7ff685c2021b 16209->16212 16211->16191 16213 7ff685c19c58 __free_lconv_mon 11 API calls 16212->16213 16213->16201 16215 7ff685c197cb 16214->16215 16216 7ff685c197c1 16214->16216 16217 7ff685c143f4 _get_daylight 11 API calls 16215->16217 16216->16215 16221 7ff685c197e6 16216->16221 16218 7ff685c197d2 16217->16218 16220 7ff685c19bf0 _invalid_parameter_noinfo 37 API calls 16218->16220 16219 7ff685c197de 16219->16137 16219->16138 16220->16219 16221->16219 16222 7ff685c143f4 _get_daylight 11 API calls 16221->16222 16222->16218 16224 7ff685c1f79b 16223->16224 16225 7ff685c1f791 16223->16225 16226 7ff685c143f4 _get_daylight 11 API calls 16224->16226 16225->16224 16230 7ff685c1f7b7 16225->16230 16227 7ff685c1f7a3 16226->16227 16228 7ff685c19bf0 _invalid_parameter_noinfo 37 API calls 16227->16228 16229 7ff685c1f7af 16228->16229 16229->16203 16229->16204 16230->16229 16231 7ff685c143f4 _get_daylight 11 API calls 16230->16231 16231->16227 16233 7ff685c202c9 16232->16233 16234 7ff685c202b1 16232->16234 16235 7ff685c1dea8 _get_daylight 11 API calls 16233->16235 16234->16095 16240 7ff685c202ed 16235->16240 16236 7ff685c2034e 16238 7ff685c19c58 __free_lconv_mon 11 API calls 16236->16238 16237 7ff685c19814 __GetCurrentState 45 API calls 16239 7ff685c20378 16237->16239 16238->16234 16240->16236 16241 7ff685c1dea8 _get_daylight 11 API calls 16240->16241 16242 7ff685c19c58 __free_lconv_mon 11 API calls 16240->16242 16243 7ff685c197b4 __std_exception_copy 37 API calls 16240->16243 16244 7ff685c2035d 16240->16244 16246 7ff685c20372 16240->16246 16241->16240 16242->16240 16243->16240 16245 7ff685c19c10 _isindst 17 API calls 16244->16245 16245->16246 16246->16237 16248 7ff685c189e8 16247->16248 16252 7ff685c189f1 16247->16252 16248->16252 16362 7ff685c184b0 16248->16362 16252->16105 
16252->16106 16254 7ff685c26449 16253->16254 16255 7ff685c25564 16253->16255 16257 7ff685c14178 45 API calls 16254->16257 16256 7ff685c25571 16255->16256 16262 7ff685c255a7 16255->16262 16260 7ff685c143f4 _get_daylight 11 API calls 16256->16260 16276 7ff685c25518 16256->16276 16259 7ff685c2647d 16257->16259 16258 7ff685c255d1 16261 7ff685c143f4 _get_daylight 11 API calls 16258->16261 16263 7ff685c26482 16259->16263 16268 7ff685c26493 16259->16268 16271 7ff685c264aa 16259->16271 16264 7ff685c2557b 16260->16264 16266 7ff685c255d6 16261->16266 16262->16258 16267 7ff685c255f6 16262->16267 16263->16128 16265 7ff685c19bf0 _invalid_parameter_noinfo 37 API calls 16264->16265 16269 7ff685c25586 16265->16269 16270 7ff685c19bf0 _invalid_parameter_noinfo 37 API calls 16266->16270 16277 7ff685c14178 45 API calls 16267->16277 16282 7ff685c255e1 16267->16282 16272 7ff685c143f4 _get_daylight 11 API calls 16268->16272 16269->16128 16270->16282 16274 7ff685c264c6 16271->16274 16275 7ff685c264b4 16271->16275 16273 7ff685c26498 16272->16273 16278 7ff685c19bf0 _invalid_parameter_noinfo 37 API calls 16273->16278 16280 7ff685c264d7 16274->16280 16281 7ff685c264ee 16274->16281 16279 7ff685c143f4 _get_daylight 11 API calls 16275->16279 16276->16128 16277->16282 16278->16263 16283 7ff685c264b9 16279->16283 16623 7ff685c255b4 16280->16623 16632 7ff685c2825c 16281->16632 16282->16128 16286 7ff685c19bf0 _invalid_parameter_noinfo 37 API calls 16283->16286 16286->16263 16288 7ff685c143f4 _get_daylight 11 API calls 16288->16263 16290 7ff685c2272b 16289->16290 16291 7ff685c2270e 16289->16291 16293 7ff685c22735 16290->16293 16672 7ff685c26f48 16290->16672 16291->16290 16292 7ff685c2271c 16291->16292 16294 7ff685c143f4 _get_daylight 11 API calls 16292->16294 16679 7ff685c26f84 16293->16679 16297 7ff685c22721 memcpy_s 16294->16297 16297->16121 16299 7ff685c14178 45 API calls 16298->16299 16300 7ff685c265ba 16299->16300 16301 7ff685c265c8 16300->16301 16691 7ff685c1e234 16300->16691 16694 7ff685c147bc 
16301->16694 16305 7ff685c266b4 16308 7ff685c266c5 16305->16308 16309 7ff685c19c58 __free_lconv_mon 11 API calls 16305->16309 16306 7ff685c14178 45 API calls 16307 7ff685c26637 16306->16307 16311 7ff685c1e234 5 API calls 16307->16311 16314 7ff685c26640 16307->16314 16310 7ff685c1feb3 16308->16310 16312 7ff685c19c58 __free_lconv_mon 11 API calls 16308->16312 16309->16308 16310->16144 16310->16145 16311->16314 16312->16310 16313 7ff685c147bc 14 API calls 16315 7ff685c2669b 16313->16315 16314->16313 16315->16305 16316 7ff685c266a3 SetEnvironmentVariableW 16315->16316 16316->16305 16318 7ff685c203bc 16317->16318 16319 7ff685c2039f 16317->16319 16320 7ff685c1dea8 _get_daylight 11 API calls 16318->16320 16319->16156 16326 7ff685c203e0 16320->16326 16321 7ff685c20441 16323 7ff685c19c58 __free_lconv_mon 11 API calls 16321->16323 16322 7ff685c19814 __GetCurrentState 45 API calls 16324 7ff685c2046a 16322->16324 16323->16319 16325 7ff685c1dea8 _get_daylight 11 API calls 16325->16326 16326->16321 16326->16325 16327 7ff685c19c58 __free_lconv_mon 11 API calls 16326->16327 16328 7ff685c1f784 37 API calls 16326->16328 16329 7ff685c20450 16326->16329 16331 7ff685c20464 16326->16331 16327->16326 16328->16326 16330 7ff685c19c10 _isindst 17 API calls 16329->16330 16330->16331 16331->16322 16333 7ff685c18a24 16332->16333 16337 7ff685c18a2d 16332->16337 16333->16337 16716 7ff685c18524 16333->16716 16337->16172 16337->16173 16339 7ff685c26336 16338->16339 16340 7ff685c26309 16338->16340 16343 7ff685c2637a 16339->16343 16346 7ff685c26399 16339->16346 16360 7ff685c2636e __crtLCMapStringW 16339->16360 16340->16339 16341 7ff685c2630e 16340->16341 16342 7ff685c143f4 _get_daylight 11 API calls 16341->16342 16344 7ff685c26313 16342->16344 16345 7ff685c143f4 _get_daylight 11 API calls 16343->16345 16347 7ff685c19bf0 _invalid_parameter_noinfo 37 API calls 16344->16347 16348 7ff685c2637f 16345->16348 16349 7ff685c263a3 16346->16349 16350 7ff685c263b5 16346->16350 16351 7ff685c2631e 16347->16351 
16353 7ff685c19bf0 _invalid_parameter_noinfo 37 API calls 16348->16353 16354 7ff685c143f4 _get_daylight 11 API calls 16349->16354 16352 7ff685c14178 45 API calls 16350->16352 16351->16166 16355 7ff685c263c2 16352->16355 16353->16360 16356 7ff685c263a8 16354->16356 16355->16360 16763 7ff685c27e18 16355->16763 16357 7ff685c19bf0 _invalid_parameter_noinfo 37 API calls 16356->16357 16357->16360 16360->16166 16361 7ff685c143f4 _get_daylight 11 API calls 16361->16360 16363 7ff685c184c9 16362->16363 16372 7ff685c184c5 16362->16372 16385 7ff685c21900 16363->16385 16368 7ff685c184e7 16411 7ff685c18594 16368->16411 16369 7ff685c184db 16370 7ff685c19c58 __free_lconv_mon 11 API calls 16369->16370 16370->16372 16372->16252 16377 7ff685c18804 16372->16377 16374 7ff685c19c58 __free_lconv_mon 11 API calls 16375 7ff685c1850e 16374->16375 16376 7ff685c19c58 __free_lconv_mon 11 API calls 16375->16376 16376->16372 16382 7ff685c1882d 16377->16382 16383 7ff685c18846 16377->16383 16378 7ff685c1faf8 WideCharToMultiByte 16378->16383 16379 7ff685c1dea8 _get_daylight 11 API calls 16379->16383 16380 7ff685c188d6 16381 7ff685c19c58 __free_lconv_mon 11 API calls 16380->16381 16381->16382 16382->16252 16383->16378 16383->16379 16383->16380 16383->16382 16384 7ff685c19c58 __free_lconv_mon 11 API calls 16383->16384 16384->16383 16386 7ff685c184ce 16385->16386 16387 7ff685c2190d 16385->16387 16391 7ff685c21c3c GetEnvironmentStringsW 16386->16391 16430 7ff685c1a534 16387->16430 16392 7ff685c21c6c 16391->16392 16393 7ff685c184d3 16391->16393 16394 7ff685c1faf8 WideCharToMultiByte 16392->16394 16393->16368 16393->16369 16395 7ff685c21cbd 16394->16395 16396 7ff685c21cc4 FreeEnvironmentStringsW 16395->16396 16397 7ff685c1c90c _fread_nolock 12 API calls 16395->16397 16396->16393 16398 7ff685c21cd7 16397->16398 16399 7ff685c21ce8 16398->16399 16400 7ff685c21cdf 16398->16400 16402 7ff685c1faf8 WideCharToMultiByte 16399->16402 16401 7ff685c19c58 __free_lconv_mon 11 API calls 16400->16401 16403 7ff685c21ce6 
16401->16403 16404 7ff685c21d0b 16402->16404 16403->16396 16405 7ff685c21d19 16404->16405 16406 7ff685c21d0f 16404->16406 16407 7ff685c19c58 __free_lconv_mon 11 API calls 16405->16407 16408 7ff685c19c58 __free_lconv_mon 11 API calls 16406->16408 16409 7ff685c21d17 FreeEnvironmentStringsW 16407->16409 16408->16409 16409->16393 16412 7ff685c185b9 16411->16412 16413 7ff685c1dea8 _get_daylight 11 API calls 16412->16413 16424 7ff685c185ef 16413->16424 16414 7ff685c185f7 16415 7ff685c19c58 __free_lconv_mon 11 API calls 16414->16415 16416 7ff685c184ef 16415->16416 16416->16374 16417 7ff685c1866a 16418 7ff685c19c58 __free_lconv_mon 11 API calls 16417->16418 16418->16416 16419 7ff685c1dea8 _get_daylight 11 API calls 16419->16424 16420 7ff685c18659 16617 7ff685c187c0 16420->16617 16421 7ff685c197b4 __std_exception_copy 37 API calls 16421->16424 16424->16414 16424->16417 16424->16419 16424->16420 16424->16421 16425 7ff685c1868f 16424->16425 16428 7ff685c19c58 __free_lconv_mon 11 API calls 16424->16428 16427 7ff685c19c10 _isindst 17 API calls 16425->16427 16426 7ff685c19c58 __free_lconv_mon 11 API calls 16426->16414 16429 7ff685c186a2 16427->16429 16428->16424 16431 7ff685c1a560 FlsSetValue 16430->16431 16432 7ff685c1a545 FlsGetValue 16430->16432 16433 7ff685c1a56d 16431->16433 16434 7ff685c1a552 16431->16434 16432->16434 16435 7ff685c1a55a 16432->16435 16438 7ff685c1dea8 _get_daylight 11 API calls 16433->16438 16436 7ff685c1a558 16434->16436 16437 7ff685c19814 __GetCurrentState 45 API calls 16434->16437 16435->16431 16450 7ff685c215d4 16436->16450 16439 7ff685c1a5d5 16437->16439 16440 7ff685c1a57c 16438->16440 16441 7ff685c1a59a FlsSetValue 16440->16441 16442 7ff685c1a58a FlsSetValue 16440->16442 16444 7ff685c1a5a6 FlsSetValue 16441->16444 16445 7ff685c1a5b8 16441->16445 16443 7ff685c1a593 16442->16443 16446 7ff685c19c58 __free_lconv_mon 11 API calls 16443->16446 16444->16443 16447 7ff685c1a204 _get_daylight 11 API calls 16445->16447 16446->16434 16448 7ff685c1a5c0 
16447->16448 16449 7ff685c19c58 __free_lconv_mon 11 API calls 16448->16449 16449->16436 16473 7ff685c21844 16450->16473 16452 7ff685c21609 16488 7ff685c212d4 16452->16488 16457 7ff685c2163f 16459 7ff685c19c58 __free_lconv_mon 11 API calls 16457->16459 16458 7ff685c2164e 16502 7ff685c2197c 16458->16502 16470 7ff685c21626 16459->16470 16462 7ff685c2174a 16463 7ff685c143f4 _get_daylight 11 API calls 16462->16463 16464 7ff685c2174f 16463->16464 16466 7ff685c19c58 __free_lconv_mon 11 API calls 16464->16466 16465 7ff685c217a5 16468 7ff685c2180c 16465->16468 16513 7ff685c21104 16465->16513 16466->16470 16467 7ff685c21764 16467->16465 16471 7ff685c19c58 __free_lconv_mon 11 API calls 16467->16471 16469 7ff685c19c58 __free_lconv_mon 11 API calls 16468->16469 16469->16470 16470->16386 16471->16465 16474 7ff685c21867 16473->16474 16477 7ff685c21871 16474->16477 16528 7ff685c1f5e8 EnterCriticalSection 16474->16528 16478 7ff685c218e3 16477->16478 16480 7ff685c19814 __GetCurrentState 45 API calls 16477->16480 16478->16452 16481 7ff685c218fb 16480->16481 16484 7ff685c21952 16481->16484 16485 7ff685c1a534 50 API calls 16481->16485 16484->16452 16486 7ff685c2193c 16485->16486 16487 7ff685c215d4 65 API calls 16486->16487 16487->16484 16489 7ff685c14178 45 API calls 16488->16489 16490 7ff685c212e8 16489->16490 16491 7ff685c21306 16490->16491 16492 7ff685c212f4 GetOEMCP 16490->16492 16493 7ff685c2130b GetACP 16491->16493 16494 7ff685c2131b 16491->16494 16492->16494 16493->16494 16494->16470 16495 7ff685c1c90c 16494->16495 16496 7ff685c1c957 16495->16496 16500 7ff685c1c91b _get_daylight 16495->16500 16497 7ff685c143f4 _get_daylight 11 API calls 16496->16497 16499 7ff685c1c955 16497->16499 16498 7ff685c1c93e HeapAlloc 16498->16499 16498->16500 16499->16457 16499->16458 16500->16496 16500->16498 16501 7ff685c228a0 _get_daylight 2 API calls 16500->16501 16501->16500 16503 7ff685c212d4 47 API calls 16502->16503 16504 7ff685c219a9 16503->16504 16506 7ff685c219e6 IsValidCodePage 16504->16506 
16511 7ff685c21aff 16504->16511 16512 7ff685c21a00 memcpy_s 16504->16512 16505 7ff685c0b870 _log10_special 8 API calls 16507 7ff685c21741 16505->16507 16508 7ff685c219f7 16506->16508 16506->16511 16507->16462 16507->16467 16509 7ff685c21a26 GetCPInfo 16508->16509 16508->16512 16509->16511 16509->16512 16511->16505 16529 7ff685c213ec 16512->16529 16616 7ff685c1f5e8 EnterCriticalSection 16513->16616 16530 7ff685c21429 GetCPInfo 16529->16530 16531 7ff685c2151f 16529->16531 16530->16531 16537 7ff685c2143c 16530->16537 16532 7ff685c0b870 _log10_special 8 API calls 16531->16532 16534 7ff685c215be 16532->16534 16534->16511 16540 7ff685c22150 16537->16540 16541 7ff685c14178 45 API calls 16540->16541 16542 7ff685c22192 16541->16542 16560 7ff685c1ebb0 16542->16560 16561 7ff685c1ebb9 MultiByteToWideChar 16560->16561 16621 7ff685c187c5 16617->16621 16622 7ff685c18661 16617->16622 16618 7ff685c187ee 16620 7ff685c19c58 __free_lconv_mon 11 API calls 16618->16620 16619 7ff685c19c58 __free_lconv_mon 11 API calls 16619->16621 16620->16622 16621->16618 16621->16619 16622->16426 16624 7ff685c255e8 16623->16624 16625 7ff685c255d1 16623->16625 16624->16625 16628 7ff685c255f6 16624->16628 16626 7ff685c143f4 _get_daylight 11 API calls 16625->16626 16627 7ff685c255d6 16626->16627 16629 7ff685c19bf0 _invalid_parameter_noinfo 37 API calls 16627->16629 16630 7ff685c14178 45 API calls 16628->16630 16631 7ff685c255e1 16628->16631 16629->16631 16630->16631 16631->16263 16633 7ff685c14178 45 API calls 16632->16633 16634 7ff685c28281 16633->16634 16637 7ff685c27ed8 16634->16637 16639 7ff685c27f26 16637->16639 16638 7ff685c0b870 _log10_special 8 API calls 16640 7ff685c26515 16638->16640 16641 7ff685c27fad 16639->16641 16643 7ff685c27f98 GetCPInfo 16639->16643 16646 7ff685c27fb1 16639->16646 16640->16263 16640->16288 16642 7ff685c1ebb0 _fread_nolock MultiByteToWideChar 16641->16642 16641->16646 16644 7ff685c28045 16642->16644 16643->16641 16643->16646 16645 7ff685c1c90c _fread_nolock 12 API calls 
16644->16645 16644->16646 16647 7ff685c2807c 16644->16647 16645->16647 16646->16638 16647->16646 16648 7ff685c1ebb0 _fread_nolock MultiByteToWideChar 16647->16648 16649 7ff685c280ea 16648->16649 16650 7ff685c1ebb0 _fread_nolock MultiByteToWideChar 16649->16650 16659 7ff685c281cc 16649->16659 16652 7ff685c28110 16650->16652 16651 7ff685c19c58 __free_lconv_mon 11 API calls 16651->16646 16653 7ff685c1c90c _fread_nolock 12 API calls 16652->16653 16654 7ff685c2813d 16652->16654 16652->16659 16653->16654 16655 7ff685c1ebb0 _fread_nolock MultiByteToWideChar 16654->16655 16654->16659 16656 7ff685c281b4 16655->16656 16657 7ff685c281ba 16656->16657 16658 7ff685c281d4 16656->16658 16657->16659 16661 7ff685c19c58 __free_lconv_mon 11 API calls 16657->16661 16666 7ff685c1e278 16658->16666 16659->16646 16659->16651 16661->16659 16663 7ff685c28213 16663->16646 16665 7ff685c19c58 __free_lconv_mon 11 API calls 16663->16665 16664 7ff685c19c58 __free_lconv_mon 11 API calls 16664->16663 16665->16646 16667 7ff685c1e020 __crtLCMapStringW 5 API calls 16666->16667 16668 7ff685c1e2b6 16667->16668 16669 7ff685c1e2be 16668->16669 16670 7ff685c1e4e0 __crtLCMapStringW 5 API calls 16668->16670 16669->16663 16669->16664 16671 7ff685c1e327 CompareStringW 16670->16671 16671->16669 16673 7ff685c26f6a HeapSize 16672->16673 16674 7ff685c26f51 16672->16674 16675 7ff685c143f4 _get_daylight 11 API calls 16674->16675 16676 7ff685c26f56 16675->16676 16677 7ff685c19bf0 _invalid_parameter_noinfo 37 API calls 16676->16677 16678 7ff685c26f61 16677->16678 16678->16293 16680 7ff685c26f99 16679->16680 16681 7ff685c26fa3 16679->16681 16683 7ff685c1c90c _fread_nolock 12 API calls 16680->16683 16682 7ff685c26fa8 16681->16682 16690 7ff685c26faf _get_daylight 16681->16690 16684 7ff685c19c58 __free_lconv_mon 11 API calls 16682->16684 16687 7ff685c26fa1 16683->16687 16684->16687 16685 7ff685c26fe2 HeapReAlloc 16685->16687 16685->16690 16686 7ff685c26fb5 16688 7ff685c143f4 _get_daylight 11 API calls 16686->16688 
16687->16297 16688->16687 16689 7ff685c228a0 _get_daylight 2 API calls 16689->16690 16690->16685 16690->16686 16690->16689 16692 7ff685c1e020 __crtLCMapStringW 5 API calls 16691->16692 16693 7ff685c1e254 16692->16693 16693->16301 16695 7ff685c147e6 16694->16695 16696 7ff685c1480a 16694->16696 16700 7ff685c19c58 __free_lconv_mon 11 API calls 16695->16700 16703 7ff685c147f5 16695->16703 16697 7ff685c1480f 16696->16697 16698 7ff685c14864 16696->16698 16701 7ff685c14824 16697->16701 16697->16703 16704 7ff685c19c58 __free_lconv_mon 11 API calls 16697->16704 16699 7ff685c1ebb0 _fread_nolock MultiByteToWideChar 16698->16699 16711 7ff685c14880 16699->16711 16700->16703 16705 7ff685c1c90c _fread_nolock 12 API calls 16701->16705 16702 7ff685c14887 GetLastError 16706 7ff685c14368 _fread_nolock 11 API calls 16702->16706 16703->16305 16703->16306 16704->16701 16705->16703 16709 7ff685c14894 16706->16709 16707 7ff685c148c2 16707->16703 16708 7ff685c1ebb0 _fread_nolock MultiByteToWideChar 16707->16708 16713 7ff685c14906 16708->16713 16714 7ff685c143f4 _get_daylight 11 API calls 16709->16714 16710 7ff685c148b5 16712 7ff685c1c90c _fread_nolock 12 API calls 16710->16712 16711->16702 16711->16707 16711->16710 16715 7ff685c19c58 __free_lconv_mon 11 API calls 16711->16715 16712->16707 16713->16702 16713->16703 16714->16703 16715->16710 16717 7ff685c1853d 16716->16717 16725 7ff685c18539 16716->16725 16737 7ff685c21d4c GetEnvironmentStringsW 16717->16737 16720 7ff685c18556 16744 7ff685c186a4 16720->16744 16721 7ff685c1854a 16722 7ff685c19c58 __free_lconv_mon 11 API calls 16721->16722 16722->16725 16725->16337 16729 7ff685c188e4 16725->16729 16726 7ff685c19c58 __free_lconv_mon 11 API calls 16727 7ff685c1857d 16726->16727 16728 7ff685c19c58 __free_lconv_mon 11 API calls 16727->16728 16728->16725 16730 7ff685c18907 16729->16730 16735 7ff685c1891e 16729->16735 16730->16337 16731 7ff685c1ebb0 MultiByteToWideChar _fread_nolock 16731->16735 16732 7ff685c1dea8 _get_daylight 11 API calls 
16732->16735 16733 7ff685c18992 16734 7ff685c19c58 __free_lconv_mon 11 API calls 16733->16734 16734->16730 16735->16730 16735->16731 16735->16732 16735->16733 16736 7ff685c19c58 __free_lconv_mon 11 API calls 16735->16736 16736->16735 16738 7ff685c21d70 16737->16738 16739 7ff685c18542 16737->16739 16740 7ff685c1c90c _fread_nolock 12 API calls 16738->16740 16739->16720 16739->16721 16741 7ff685c21da7 memcpy_s 16740->16741 16742 7ff685c19c58 __free_lconv_mon 11 API calls 16741->16742 16743 7ff685c21dc7 FreeEnvironmentStringsW 16742->16743 16743->16739 16745 7ff685c186cc 16744->16745 16746 7ff685c1dea8 _get_daylight 11 API calls 16745->16746 16757 7ff685c18707 16746->16757 16747 7ff685c1870f 16748 7ff685c19c58 __free_lconv_mon 11 API calls 16747->16748 16749 7ff685c1855e 16748->16749 16749->16726 16750 7ff685c18789 16751 7ff685c19c58 __free_lconv_mon 11 API calls 16750->16751 16751->16749 16752 7ff685c1dea8 _get_daylight 11 API calls 16752->16757 16753 7ff685c18778 16754 7ff685c187c0 11 API calls 16753->16754 16756 7ff685c18780 16754->16756 16755 7ff685c1f784 37 API calls 16755->16757 16759 7ff685c19c58 __free_lconv_mon 11 API calls 16756->16759 16757->16747 16757->16750 16757->16752 16757->16753 16757->16755 16758 7ff685c187ac 16757->16758 16760 7ff685c19c58 __free_lconv_mon 11 API calls 16757->16760 16761 7ff685c19c10 _isindst 17 API calls 16758->16761 16759->16747 16760->16757 16762 7ff685c187be 16761->16762 16765 7ff685c27e41 __crtLCMapStringW 16763->16765 16764 7ff685c263fe 16764->16360 16764->16361 16765->16764 16766 7ff685c1e278 6 API calls 16765->16766 16766->16764 16767 7ff685c0bf5c 16788 7ff685c0c12c 16767->16788 16770 7ff685c0c0a8 16911 7ff685c0c44c IsProcessorFeaturePresent 16770->16911 16771 7ff685c0bf78 __scrt_acquire_startup_lock 16773 7ff685c0c0b2 16771->16773 16780 7ff685c0bf96 __scrt_release_startup_lock 16771->16780 16774 7ff685c0c44c 7 API calls 16773->16774 16776 7ff685c0c0bd __GetCurrentState 16774->16776 16775 7ff685c0bfbb 16777 7ff685c0c041 
16794 7ff685c0c594 16777->16794 16779 7ff685c0c046 16797 7ff685c01000 16779->16797 16780->16775 16780->16777 16900 7ff685c18e44 16780->16900 16785 7ff685c0c069 16785->16776 16907 7ff685c0c2b0 16785->16907 16789 7ff685c0c134 16788->16789 16790 7ff685c0c140 __scrt_dllmain_crt_thread_attach 16789->16790 16791 7ff685c0bf70 16790->16791 16792 7ff685c0c14d 16790->16792 16791->16770 16791->16771 16792->16791 16918 7ff685c0cba8 16792->16918 16795 7ff685c297e0 memcpy_s 16794->16795 16796 7ff685c0c5ab GetStartupInfoW 16795->16796 16796->16779 16798 7ff685c01009 16797->16798 16945 7ff685c14794 16798->16945 16800 7ff685c0352b 16952 7ff685c033e0 16800->16952 16803 7ff685c03538 16806 7ff685c0b870 _log10_special 8 API calls 16803->16806 16809 7ff685c0372a 16806->16809 16807 7ff685c0356c 16811 7ff685c01bf0 49 API calls 16807->16811 16808 7ff685c03736 17143 7ff685c03f70 16808->17143 16905 7ff685c0c5d8 GetModuleHandleW 16809->16905 16826 7ff685c03588 16811->16826 16813 7ff685c03785 16815 7ff685c025f0 53 API calls 16813->16815 16815->16803 16817 7ff685c03778 16819 7ff685c0379f 16817->16819 16820 7ff685c0377d 16817->16820 16818 7ff685c0365f __std_exception_destroy 16823 7ff685c07e10 14 API calls 16818->16823 16855 7ff685c03834 16818->16855 16822 7ff685c01bf0 49 API calls 16819->16822 17162 7ff685c0f36c 16820->17162 16825 7ff685c037be 16822->16825 16827 7ff685c036ae 16823->16827 16835 7ff685c018f0 115 API calls 16825->16835 17014 7ff685c07e10 16826->17014 17027 7ff685c07f80 16827->17027 16828 7ff685c03852 16830 7ff685c03865 16828->16830 16831 7ff685c03871 16828->16831 17169 7ff685c03fe0 16830->17169 16834 7ff685c01bf0 49 API calls 16831->16834 16832 7ff685c036bd 16837 7ff685c0380f 16832->16837 16840 7ff685c036cf 16832->16840 16838 7ff685c03805 __std_exception_destroy 16834->16838 16836 7ff685c037df 16835->16836 16836->16826 16839 7ff685c037ef 16836->16839 17036 7ff685c08400 16837->17036 17087 7ff685c086b0 16838->17087 16843 7ff685c025f0 53 API calls 16839->16843 17032 7ff685c01bf0 
18762->18764 18763->18760 18764->17201 18824 7ff685c05b05 18823->18824 18825 7ff685c01bf0 49 API calls 18824->18825 18826 7ff685c05b41 18825->18826 18827 7ff685c05b6d 18826->18827 18828 7ff685c05b4a 18826->18828 18830 7ff685c03fe0 49 API calls 18827->18830 18829 7ff685c025f0 53 API calls 18828->18829 18831 7ff685c05b63 18829->18831 18832 7ff685c05b85 18830->18832 18836 7ff685c0b870 _log10_special 8 API calls 18831->18836 18833 7ff685c05ba3 18832->18833 18834 7ff685c025f0 53 API calls 18832->18834 18835 7ff685c03f10 10 API calls 18833->18835 18834->18833 18837 7ff685c05bad 18835->18837 18838 7ff685c0308e 18836->18838 18839 7ff685c05bbb 18837->18839 18840 7ff685c081a0 3 API calls 18837->18840 18838->17230 18854 7ff685c05c80 18838->18854 18841 7ff685c03fe0 49 API calls 18839->18841 18840->18839 18842 7ff685c05bd4 18841->18842 18843 7ff685c05bf9 18842->18843 18844 7ff685c05bd9 18842->18844 18846 7ff685c081a0 3 API calls 18843->18846 18845 7ff685c025f0 53 API calls 18844->18845 18845->18831 18847 7ff685c05c06 18846->18847 18993 7ff685c04c80 18854->18993 18856 7ff685c05cba 18857 7ff685c05cd3 18856->18857 18858 7ff685c05cc2 18856->18858 19000 7ff685c04450 18857->19000 18859 7ff685c025f0 53 API calls 18858->18859 18996 7ff685c04cac 18993->18996 18994 7ff685c04cb4 18994->18856 18995 7ff685c04e54 18997 7ff685c05017 __std_exception_destroy 18995->18997 18998 7ff685c04180 47 API calls 18995->18998 18996->18994 18996->18995 19031 7ff685c15db4 18996->19031 18997->18856 18998->18995 19032 7ff685c15de4 19031->19032 19035 7ff685c152b0 19032->19035 19036 7ff685c152e1 19035->19036 19037 7ff685c152f3 19035->19037 19038 7ff685c143f4 _get_daylight 11 API calls 19036->19038 19096->17239 19445 7ff685c1a2e0 19446 7ff685c1a2fa 19445->19446 19447 7ff685c1a2e5 19445->19447 19451 7ff685c1a300 19447->19451 19452 7ff685c1a34a 19451->19452 19453 7ff685c1a342 19451->19453 19454 7ff685c19c58 __free_lconv_mon 11 API calls 19452->19454 19455 7ff685c19c58 __free_lconv_mon 11 API calls 19453->19455 
19456 7ff685c1a357 19454->19456 19455->19452 19457 7ff685c19c58 __free_lconv_mon 11 API calls 19456->19457 19458 7ff685c1a364 19457->19458 19459 7ff685c19c58 __free_lconv_mon 11 API calls 19458->19459 19460 7ff685c1a371 19459->19460 19461 7ff685c19c58 __free_lconv_mon 11 API calls 19460->19461 19462 7ff685c1a37e 19461->19462 19463 7ff685c19c58 __free_lconv_mon 11 API calls 19462->19463 19464 7ff685c1a38b 19463->19464 19465 7ff685c19c58 __free_lconv_mon 11 API calls 19464->19465 19466 7ff685c1a398 19465->19466 19467 7ff685c19c58 __free_lconv_mon 11 API calls 19466->19467 19468 7ff685c1a3a5 19467->19468 19469 7ff685c19c58 __free_lconv_mon 11 API calls 19468->19469 19470 7ff685c1a3b5 19469->19470 19471 7ff685c19c58 __free_lconv_mon 11 API calls 19470->19471 19472 7ff685c1a3c5 19471->19472 19477 7ff685c1a1a4 19472->19477 19491 7ff685c1f5e8 EnterCriticalSection 19477->19491 20140 7ff685c19060 20143 7ff685c18fe4 20140->20143 20150 7ff685c1f5e8 EnterCriticalSection 20143->20150

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: FileModuleName
                                                  • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                  • API String ID: 514040917-585287483
                                                  • Opcode ID: f063c1712e87279c77d8887c1389ef7552d407f6137c2a3eae29b16cd546fbe9
                                                  • Instruction ID: fdb6b24ba00e4005089ad014560616927ca41d7e123481de18d32a50b7bce4f0
                                                  • Opcode Fuzzy Hash: f063c1712e87279c77d8887c1389ef7552d407f6137c2a3eae29b16cd546fbe9
                                                  • Instruction Fuzzy Hash: 2EF180A3A08682D1FA18DB22D5542F96671BF54FA4F84403FDA1DC36D6EF2CE958CB40

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                  • String ID:
                                                  • API String ID: 1617910340-0
                                                  • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                  • Instruction ID: 86236c873a7d169ca885318009745872f3095ea8f493957e04aae75363a50714
                                                  • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                  • Instruction Fuzzy Hash: 04C19F37B28A45C6EB10CF69C4906AD3771FB49FA8B41222DDA1E9B794DF38E855C700

                                                  APIs
                                                  • FindFirstFileW.KERNELBASE(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07A1B
                                                  • RemoveDirectoryW.KERNEL32(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07A9E
                                                  • DeleteFileW.KERNELBASE(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07ABD
                                                  • FindNextFileW.KERNELBASE(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07ACB
                                                  • FindClose.KERNEL32(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07ADC
                                                  • RemoveDirectoryW.KERNELBASE(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07AE5
                                                  Strings
                                                  Similarity
                                                  • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                  • String ID: %s\*
                                                  • API String ID: 1057558799-766152087
                                                  • Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                  • Instruction ID: 8871c075481fb1f84c0d2d0642ac1adbdcabf9b485e2abb42c806a2c848e6d61
                                                  • Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                  • Instruction Fuzzy Hash: B5417F62A0C952D1EE249B24E4445B963B1FFA8F64F44163ED59DC3694DF2CEE4ACF00
                                                  APIs
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID:
                                                  • API String ID: 2295610775-0
                                                  • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                  • Instruction ID: 1c17b4fdc4b10956ef4ca49e422e176be7229b82a3a3e914d5c385cefa59c463
                                                  • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                  • Instruction Fuzzy Hash: 13F0A463A18641C6F7608B60F44836673A0BF44B38F04433ED96D426D4CF3CE458CE00
                                                  Similarity
                                                  • API ID: CurrentFeaturePresentProcessProcessor
                                                  • String ID:
                                                  • API String ID: 1010374628-0
                                                  • Opcode ID: a8238ebacfbb29389201daedac3868d1c225100c6328c8ae619a1fe2ce119bc6
                                                  • Instruction ID: 47ac55dc702450210c9b7ea520119ff38b99165835ee55c60b7301623d3e98b3
                                                  • Opcode Fuzzy Hash: a8238ebacfbb29389201daedac3868d1c225100c6328c8ae619a1fe2ce119bc6
                                                  • Instruction Fuzzy Hash: 6D02CB23B59A86C0FA61AB11E45027A26B4BF05FB0F54563EDD6DC63D2DE3CAC01CB10

                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: _fread_nolock$Message
                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                  • API String ID: 677216364-3497178890
                                                  • Opcode ID: 0d474d14ba58075040c533f230b2d5aae2fc5eeefadded387c7c9032356a4491
                                                  • Instruction ID: 119fffceafd3767b07175ec80319a2a318aae023ceb92bbed4ee5209f7479110
                                                  • Opcode Fuzzy Hash: 0d474d14ba58075040c533f230b2d5aae2fc5eeefadded387c7c9032356a4491
                                                  • Instruction Fuzzy Hash: BD7183A3A18686C5EB20DB14D8502B963B0FF88FA4F44503ED98DC7699EF6CE944CF40

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                  • API String ID: 2030045667-1550345328
                                                  • Opcode ID: 0340c05b23ef311e6c40d78d6d9d57b5b661bafa83ef60bb1b9284922687f3de
                                                  • Instruction ID: d78f21c400ed51210910d28036fc41c359cf374a476acdb7f13e40307f261449
                                                  • Opcode Fuzzy Hash: 0340c05b23ef311e6c40d78d6d9d57b5b661bafa83ef60bb1b9284922687f3de
                                                  • Instruction Fuzzy Hash: FA517DA6B08643D2EA109B15E8405B967B0BF44FF8F44513EEE0C87A96EF3CE954CB40

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                  • String ID: CreateProcessW$Failed to create child process!
                                                  • API String ID: 2895956056-699529898
                                                  • Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                  • Instruction ID: 65c86dea5ac9955d3aaf635590593dcea5de7b7204374136b13eb37b1bac225b
                                                  • Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                  • Instruction Fuzzy Hash: 03411D72A08B82C1DA209B65E4452AA62B1FF89B74F50133DE6AD877D5DF7CD444CF40

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                  • API String ID: 2030045667-2813020118
                                                  • Opcode ID: a3629aa16b2bf4226d63d046932eab8e2b7a9c7a4f48f2e716c054c0a2a071a0
                                                  • Instruction ID: 27a8e88437428609cc757d8701d0ef7f7e11fb5f1d6ff42ec87538483df27bdf
                                                  • Opcode Fuzzy Hash: a3629aa16b2bf4226d63d046932eab8e2b7a9c7a4f48f2e716c054c0a2a071a0
                                                  • Instruction Fuzzy Hash: E051B1A3A08642C5EA609B15E8403BAA6A1FF44FE4F44513EED4DC7BD5EE3CE941CB00

                                                  Control-flow Graph

                                                  APIs
                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF685C1E3BA,?,?,-00000018,00007FF685C1A063,?,?,?,00007FF685C19F5A,?,?,?,00007FF685C1524E), ref: 00007FF685C1E19C
                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF685C1E3BA,?,?,-00000018,00007FF685C1A063,?,?,?,00007FF685C19F5A,?,?,?,00007FF685C1524E), ref: 00007FF685C1E1A8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeLibraryProc
                                                  • String ID: api-ms-$ext-ms-
                                                  • API String ID: 3013587201-537541572
                                                  • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                  • Instruction ID: 3fd8a50dea5c03ef70429fabbad0518b27502ff97ab74fc3caaf9298f068c6fc
                                                  • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                  • Instruction Fuzzy Hash: 9A41B163B59602C2EA168F16E8006B526A2BF48FB4F59413EDD1DDB785EE3CEC05CB00

                                                  Control-flow Graph

                                                  APIs
                                                  • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF685C03834), ref: 00007FF685C07CE4
                                                  • CreateDirectoryW.KERNELBASE(?,?,FFFFFFFF,00007FF685C03834), ref: 00007FF685C07D2C
                                                    • Part of subcall function 00007FF685C07E10: GetEnvironmentVariableW.KERNEL32(00007FF685C0365F), ref: 00007FF685C07E47
                                                    • Part of subcall function 00007FF685C07E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF685C07E69
                                                    • Part of subcall function 00007FF685C17548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C17561
                                                    • Part of subcall function 00007FF685C026C0: MessageBoxW.USER32 ref: 00007FF685C02736
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                  • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                  • API String ID: 740614611-1339014028
                                                  • Opcode ID: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                  • Instruction ID: 60e26b9eb6fe8b5aa73155cde303b67fe13cc0193fd719ce701e787352c5056a
                                                  • Opcode Fuzzy Hash: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                  • Instruction Fuzzy Hash: 15418E53A09642C1EA24AB21D9512F922B1BF69FA0F50513EED0DC7796EE3CED05CF40

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                  • Instruction ID: 4ee1dee7018902fa2e572b09b26f2d77ffd5104135d5330e9b3af2c4d30879fa
                                                  • Opcode Fuzzy Hash: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                  • Instruction Fuzzy Hash: CEC1DC67A48686D1EA619B14D4402BE2BB4FF90FA4F65013DEA4E83791CE7CEC59CF40

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                  • String ID:
                                                  • API String ID: 995526605-0
                                                  • Opcode ID: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
                                                  • Instruction ID: e3b7077324aadf6798f4e73fb4824a1e4447a3d78f82a24fb5ba620b7d335899
                                                  • Opcode Fuzzy Hash: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
                                                  • Instruction Fuzzy Hash: 1B212172A0CA82C1EA149B55E44462AA7B1FF95FB4F10063DDA6D83AD4DF7CD849CF00

                                                  Control-flow Graph

                                                  APIs
                                                  • GetModuleFileNameW.KERNEL32(?,00007FF685C03534), ref: 00007FF685C03411
                                                    • Part of subcall function 00007FF685C029E0: GetLastError.KERNEL32(?,?,?,00007FF685C0342E,?,00007FF685C03534), ref: 00007FF685C02A14
                                                    • Part of subcall function 00007FF685C029E0: FormatMessageW.KERNEL32(?,?,?,00007FF685C0342E), ref: 00007FF685C02A7D
                                                    • Part of subcall function 00007FF685C029E0: MessageBoxW.USER32 ref: 00007FF685C02ACF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message$ErrorFileFormatLastModuleName
                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                  • API String ID: 517058245-2863816727
                                                  • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                  • Instruction ID: 6d257f80c2eaf3a162cc82eea6d6bf1eb5a4298573f2fee9992252651122caa3
                                                  • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                  • Instruction Fuzzy Hash: 742162A3B18542D1FA619B26E8513B95670BF88FA4F80513FE65DC65E5EF2CE904CF00

                                                  Control-flow Graph

                                                  APIs
                                                    • Part of subcall function 00007FF685C07B50: GetCurrentProcess.KERNEL32 ref: 00007FF685C07B70
                                                    • Part of subcall function 00007FF685C07B50: OpenProcessToken.ADVAPI32 ref: 00007FF685C07B83
                                                    • Part of subcall function 00007FF685C07B50: GetTokenInformation.KERNELBASE ref: 00007FF685C07BA8
                                                    • Part of subcall function 00007FF685C07B50: GetLastError.KERNEL32 ref: 00007FF685C07BB2
                                                    • Part of subcall function 00007FF685C07B50: GetTokenInformation.KERNELBASE ref: 00007FF685C07BF2
                                                    • Part of subcall function 00007FF685C07B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF685C07C0E
                                                    • Part of subcall function 00007FF685C07B50: CloseHandle.KERNEL32 ref: 00007FF685C07C26
                                                  • LocalFree.KERNEL32(?,00007FF685C03814), ref: 00007FF685C0848C
                                                  • LocalFree.KERNEL32(?,00007FF685C03814), ref: 00007FF685C08495
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                  • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                  • API String ID: 6828938-1529539262
                                                  • Opcode ID: 66c7400c0f842d66862a6c7a5c7e226ffa5096460946b14aa4108adf3e2753a4
                                                  • Instruction ID: 15e3ebf5309b8cd4c7955a844585c696b6f2b2128fb39eee205ff18859fae3bc
                                                  • Opcode Fuzzy Hash: 66c7400c0f842d66862a6c7a5c7e226ffa5096460946b14aa4108adf3e2753a4
                                                  • Instruction Fuzzy Hash: A1215163A08642C2FA50AB51E4153E962B1FF98BA0F94503EEA4D83796DF3CDD45CF80

                                                  Control-flow Graph

                                                  APIs
                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF685C1C25B), ref: 00007FF685C1C38C
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF685C1C25B), ref: 00007FF685C1C417
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ConsoleErrorLastMode
                                                  • String ID:
                                                  • API String ID: 953036326-0
                                                  • Opcode ID: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                  • Instruction ID: 71d0fd4c368b12271cbc74323593fae52315238325c3afe8bee368bd0f210d0e
                                                  • Opcode Fuzzy Hash: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                  • Instruction Fuzzy Hash: C8918F63A48651C5F7608B65D4806BD2FB0FF44FA8F54513DEE0EA6A85DE3CE842CB04
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 1279662727-0
                                                  • Opcode ID: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                  • Instruction ID: a27ac85e800d801248d2e52635f63c185f07af3ef9dcd21b223dfe874cd233a2
                                                  • Opcode Fuzzy Hash: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                  • Instruction Fuzzy Hash: 9F41B027D58782C3E3108B20D5903A96670FF94BB4F10933CE69983AD1DF6CA9A0CB40
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                  • String ID:
                                                  • API String ID: 3251591375-0
                                                  • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                  • Instruction ID: 9a76f7805ea0d0ec30b70d4ce094d79677f1c9a07d86cdbd713a479f5ddf6544
                                                  • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                  • Instruction Fuzzy Hash: 77313BA7A4D143C1FA54AB65D4513BAAA71BF45FA8F44403EEA0EC76D3DE2CAC05CE01
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                  • Instruction ID: 29af434844c0321fdbf9ca1e64e4c52822751a57e22e59f879ae1fded9439c67
                                                  • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                  • Instruction Fuzzy Hash: 27D06712F58706C6EA583B72D85917916317F5CF65B10243CD84A87397CD2CAC09CA40
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: bcfcf1faf55df9f9e23f958511fce33fc2a490ff62131b022dace26bbec7c8c2
                                                  • Instruction ID: 298e6bad8371bbf5dd82d93d053009d39fbb946e304f69a5ecceef70cbf7fc1b
                                                  • Opcode Fuzzy Hash: bcfcf1faf55df9f9e23f958511fce33fc2a490ff62131b022dace26bbec7c8c2
                                                  • Instruction Fuzzy Hash: FD51B4A3B09242C6EA689E66D40067A66A1FF44FB4F18463EDD6D877D5CE3CDC81CE00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastPointer
                                                  • String ID:
                                                  • API String ID: 2976181284-0
                                                  • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                  • Instruction ID: 589fc8bd7648e270684f6ff4ec95dc29110db3d9536b26befb7ceac5426e882b
                                                  • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                  • Instruction Fuzzy Hash: BD119D62A08A81C1DA108B25E844169A775FF44FF8F545339EA7D877E9CE38D850CB00
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C6E
                                                  • GetLastError.KERNEL32(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C78
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 485612231-0
                                                  • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                  • Instruction ID: 72a9af4e3380bc0885dbd1d56673206afa92e504305566c243cbf3b61a4880d3
                                                  • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                  • Instruction Fuzzy Hash: 51E08C52F48646C3FF186BF2E89407922B2BF98F21B40603CC90EC3251EE2C6C45CE00
                                                  APIs
                                                  • CloseHandle.KERNELBASE(?,?,?,00007FF685C19CE5,?,?,00000000,00007FF685C19D9A), ref: 00007FF685C19ED6
                                                  • GetLastError.KERNEL32(?,?,?,00007FF685C19CE5,?,?,00000000,00007FF685C19D9A), ref: 00007FF685C19EE0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CloseErrorHandleLast
                                                  • String ID:
                                                  • API String ID: 918212764-0
                                                  • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                  • Instruction ID: 2e63f9e20ee5ccf2b4988315be725ac690537c9a675d47e58363e5d80218b33f
                                                  • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                  • Instruction Fuzzy Hash: 93216F23F58642C1EA949761E49037926B2BF84FB4F14523DDA2EC77D1CE6CAC45CB05
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                  • Instruction ID: 49428d7104adbb6770d30593cd6d987dbd12e9b45f592b75637dd484ba816295
                                                  • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                  • Instruction Fuzzy Hash: 9A41BB33948205C7EA649A19E54127D7BB5FF56FA8F14113DEA8AC7690CF2CE802CF51
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _fread_nolock
                                                  • String ID:
                                                  • API String ID: 840049012-0
                                                  • Opcode ID: f9e300d27ed469fbcb6f93ed44fdcb2b54c6f72a45599014825c29f043835573
                                                  • Instruction ID: 2f0c755e2a7434919bf1750fc6c55f85f2ac51c5a9b1b780c07c3bce4a546510
                                                  • Opcode Fuzzy Hash: f9e300d27ed469fbcb6f93ed44fdcb2b54c6f72a45599014825c29f043835573
                                                  • Instruction Fuzzy Hash: 4B21D662B08291D5FE159B1AE9043BAA6B1BF95FE4F88443DDD0C87782DE7DE845CB00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                  • Instruction ID: 6f4b49da6357470dffc360e95eb2f64cfe86364c7a2112de612baf02621fd2c3
                                                  • Opcode Fuzzy Hash: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                  • Instruction Fuzzy Hash: AB316927A58652C6E711AB15D8813BD2670BF50FB1F95023DEA2D833D2CEBDAC41CB91
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                  • String ID:
                                                  • API String ID: 3947729631-0
                                                  • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                  • Instruction ID: db67f43ab266f5764dfba35a8bececfea15e994c4b821282beb1880faedb5b18
                                                  • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                  • Instruction Fuzzy Hash: 5B216932A19706CAEB649F65C4502AC37B0FB44B28F54463ED62C86AD5EF38D985CB50
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                  • Instruction ID: b8c45776e6fbfd16dd9274ca7539c34266576bea503d9550fa88972a0f2e1603
                                                  • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                  • Instruction Fuzzy Hash: 5E118C23A5C682C6EA619F51D40027EA2B4BF95FA0F54403DEA4C9BA96DF3CEC40CF41
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                  • Instruction ID: ed5f56d222a070e2bee984f0db5fa268f9d098665b3a2b891f8968d193d7e4ff
                                                  • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                  • Instruction Fuzzy Hash: FF212C73A18682C6DB618A18D48036A76B0BF98FA5F54523CD65D8A699DF38D800CB00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                  • Instruction ID: d29315bd370260f0e6dcb363e3db3e04fbc0fb4978b9e0841d02dfa53b72696b
                                                  • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                  • Instruction Fuzzy Hash: 7B01C866A08742C0E944DB56D900079A6B5BF55FF0F48463DDE5C93BD6DE7CD882CB00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                  • Instruction ID: aa331e44ceb3a15d2240192cd48180a0e13639d8b3f47176a69d3fe07c60386e
                                                  • Opcode Fuzzy Hash: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                  • Instruction Fuzzy Hash: 1D01AD22E49682C1FEA4AB61E54117912F0BF55FB4F54413CF95CCABC2DE2CAC56CE01
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                  • Instruction ID: 35afaf0482ef67aeaa62783bc2d546f8c2d4cf3c5d03da1c95c7072083bf54be
                                                  • Opcode Fuzzy Hash: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                  • Instruction Fuzzy Hash: 5DE0EC96EC8247C2FA54BAA8C5C227911B0BF64B60F90507CD90986283DD2C7C49DE62
                                                  APIs
                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF685C1A63A,?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A), ref: 00007FF685C1DEFD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AllocHeap
                                                  • String ID:
                                                  • API String ID: 4292702814-0
                                                  • Opcode ID: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                  • Instruction ID: 9d8650b8c1db957b175c30ca54ed695427f703b8d2057205e3ea5503511e13c6
                                                  • Opcode Fuzzy Hash: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                  • Instruction Fuzzy Hash: 45F06D1BB89247C1FE545662D8513B612B17F98F60F48557CD90EC62C1DE2CED85CA10
                                                  APIs
                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF685C0FFB0,?,?,?,00007FF685C1161A,?,?,?,?,?,00007FF685C12E09), ref: 00007FF685C1C94A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AllocHeap
                                                  • String ID:
                                                  • API String ID: 4292702814-0
                                                  • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                  • Instruction ID: d7200333d4d5893f32aa5ba786296e70b518b0f558e4100252bb0f2849e07d9f
                                                  • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                  • Instruction Fuzzy Hash: ACF05803F98287C5FE6466B1D85127916A07F88FB0F08563CE82FC62C1DE2CAC41C994
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressProc
                                                  • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                  • API String ID: 190572456-3427451314
                                                  • Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                  • Instruction ID: 495a8b29e4e8fd782e30011de3481df974f1fd00bfc1abf86d7665a699aa0684
                                                  • Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                  • Instruction Fuzzy Hash: 5EE179AA909B03D0FA55DF55E8501B423B5BF58F74F94207EC81E822A4EF7CBD89CA41
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                  • API String ID: 808467561-2761157908
                                                  • Opcode ID: 006b587dceb6a8e5448b800068f928c3aefb42c20130fc8eaa47f3b19415637c
                                                  • Instruction ID: 81ab7c8c811a661a4071a83c83c64bc4fdbd8f4241de0e2557139aef63e68aad
                                                  • Opcode Fuzzy Hash: 006b587dceb6a8e5448b800068f928c3aefb42c20130fc8eaa47f3b19415637c
                                                  • Instruction Fuzzy Hash: D4B2AF73A18282CBE7658E65D5807F936B1FF58B98F50613DDA0A97A84DF78AD00CF40
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                  • API String ID: 0-2665694366
                                                  • Opcode ID: 7289e34dee421d23927a0f8f8a094fde9ef8b8d5e9feb20e52711e481e6fcba8
                                                  • Instruction ID: 3254a69accabcff3f98a54adbeec4f0b35b3df1df47a59264e5aecd7d43f8c7c
                                                  • Opcode Fuzzy Hash: 7289e34dee421d23927a0f8f8a094fde9ef8b8d5e9feb20e52711e481e6fcba8
                                                  • Instruction Fuzzy Hash: F3529FB3A186A58BE7948B14C858B7E3AB9FF44754F41413EE64A87780DF39DD44CB40
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 3140674995-0
                                                  • Opcode ID: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                  • Instruction ID: 51bd5c546c73556aaeb9edbd321813236b76e62293dc1957049e22273bb2da8d
                                                  • Opcode Fuzzy Hash: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                  • Instruction Fuzzy Hash: 6E311962608B81C6EB608F64E8803EE6770FB88B58F04503EDA4D87A95DF38D948CB10
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message$ErrorFormatLast
                                                  • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                  • API String ID: 3971115935-1149178304
                                                  • Opcode ID: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                  • Instruction ID: 23e50df21dd711c7de41580c37cab8dff6692b5e46089c5950cdc4988de714db
                                                  • Opcode Fuzzy Hash: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                  • Instruction Fuzzy Hash: DD211E73618A85C2E7209B11F4506DA6774FF88B98F40112EEA8D93A98DF7CDA46CF40
                                                  APIs
                                                  • _get_daylight.LIBCMT ref: 00007FF685C24F55
                                                    • Part of subcall function 00007FF685C248A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C248BC
                                                    • Part of subcall function 00007FF685C19C58: RtlFreeHeap.NTDLL(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C6E
                                                    • Part of subcall function 00007FF685C19C58: GetLastError.KERNEL32(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C78
                                                    • Part of subcall function 00007FF685C19C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF685C19BEF,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C19C19
                                                    • Part of subcall function 00007FF685C19C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF685C19BEF,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C19C3E
                                                  • _get_daylight.LIBCMT ref: 00007FF685C24F44
                                                    • Part of subcall function 00007FF685C24908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C2491C
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251BA
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251CB
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251DC
                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF685C2541C), ref: 00007FF685C25203
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                  • String ID:
                                                  • API String ID: 4070488512-0
                                                  • Opcode ID: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                  • Instruction ID: dd3107746a10b42fcfb691a53b599a48b66aca5821a125ef2fee6cf79783c59c
                                                  • Opcode Fuzzy Hash: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                  • Instruction Fuzzy Hash: 0DD19F3BA18242C6E7249F26D8805BA6671FF88FA5F44613DDA4DC7A85DE3CEC41CB40
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 1239891234-0
                                                  • Opcode ID: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                  • Instruction ID: a9e353bfce4666b071843aaebe07777df1c16d1758f3be17e9d593ecf8406ddc
                                                  • Opcode Fuzzy Hash: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                  • Instruction Fuzzy Hash: 09312C33618B81C6EB608B25E8402AE67B4FF88B68F54113EEA9D83B55DF38D545CF00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 2227656907-0
                                                  • Opcode ID: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                  • Instruction ID: 35a8ea2ff39985fe6c5da35ee25b73f7631686707886348645c4f1c7912bc423
                                                  • Opcode Fuzzy Hash: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                  • Instruction Fuzzy Hash: 63B1A167B19682C1EA609B21D4102B966B1FF48FF4F44613EEA9D97A95DF3CEC41CB00
                                                  APIs
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251BA
                                                    • Part of subcall function 00007FF685C24908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C2491C
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251CB
                                                    • Part of subcall function 00007FF685C248A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C248BC
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251DC
                                                    • Part of subcall function 00007FF685C248D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C248EC
                                                    • Part of subcall function 00007FF685C19C58: RtlFreeHeap.NTDLL(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C6E
                                                    • Part of subcall function 00007FF685C19C58: GetLastError.KERNEL32(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C78
                                                  • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF685C2541C), ref: 00007FF685C25203
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                  • String ID:
                                                  • API String ID: 3458911817-0
                                                  • Opcode ID: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                  • Instruction ID: 00b6f24031a0040877e133be6b5f607549122e0b2ac8343fd7f8b2264987f940
                                                  • Opcode Fuzzy Hash: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                  • Instruction Fuzzy Hash: B4511B37A18642C6E720DF21E8815AA7671BF48BA5F44613EDA4DC7A95DF3CE841CF40
                                                  APIs
                                                  Similarity
                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                  • String ID:
                                                  • API String ID: 2933794660-0
                                                  • Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                  • Instruction ID: a7ade6f7977d42f5c191fc919a1100cef2232a2c08f27cd25615845b4c70735c
                                                  • Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                  • Instruction Fuzzy Hash: 08111C22B14B05CAEB008F60E9542A933B4FB59B68F441E39DA6D877A4DF78E554CB40
                                                  APIs
                                                  Similarity
                                                  • API ID: memcpy_s
                                                  • String ID:
                                                  • API String ID: 1502251526-0
                                                  • Opcode ID: b41cb84a548d2e61bdeb7bb10330278f5fecde395d7a0ce6ff99175555b28b3c
                                                  • Instruction ID: 1cbc88a57cee8963b2a9890a450e62741882cf8eeb6a139c88deb5e11acdc1f7
                                                  • Opcode Fuzzy Hash: b41cb84a548d2e61bdeb7bb10330278f5fecde395d7a0ce6ff99175555b28b3c
                                                  • Instruction Fuzzy Hash: 94C1A173B1868687DB248F1AE04466AB7A1FB98F94F44A13DDB4A87744DE3DED01CB40
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $header crc mismatch$unknown header flags set
                                                  • API String ID: 0-1127688429
                                                  • Opcode ID: 6a55f11302ef793728786adf415505d571280719f8ef56880a9f0a37636d8ec0
                                                  • Instruction ID: c52a809a108d21ece0d6fc28a0093e6de77ef5f63ef51ecfa738e394f56adc26
                                                  • Opcode Fuzzy Hash: 6a55f11302ef793728786adf415505d571280719f8ef56880a9f0a37636d8ec0
                                                  • Instruction Fuzzy Hash: 16F170A3A183958BE7E59B15C088B3A7ABAFF44B60F05453EDA4987790CF78DD41CB40
                                                  APIs
                                                  Similarity
                                                  • API ID: ExceptionRaise_clrfp
                                                  • String ID:
                                                  • API String ID: 15204871-0
                                                  • Opcode ID: 4367feba8b0fb5a89db2d79700bffb7903d016d74ce2a4ac284103265cf95646
                                                  • Instruction ID: ea234ca659b8accde0e3aade762a1ede17d9dbf8d17b07bfdabb2e26b2f318a1
                                                  • Opcode Fuzzy Hash: 4367feba8b0fb5a89db2d79700bffb7903d016d74ce2a4ac284103265cf95646
                                                  • Instruction Fuzzy Hash: D1B13C77605B89CAEB15CF2AC8463683BB0FB48F58F159929DA5D837A4CF39D851CB00
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $
                                                  • API String ID: 0-227171996
                                                  • Opcode ID: 25965de2e6678be5c8c686b25b3b835ec4bf2bfab2b797158b347abdb642f747
                                                  • Instruction ID: 30d4a989bdbc58a6b9d37f7d69b74c17daea22175985336eb879faa19125cddc
                                                  • Opcode Fuzzy Hash: 25965de2e6678be5c8c686b25b3b835ec4bf2bfab2b797158b347abdb642f747
                                                  • Instruction Fuzzy Hash: 8CE1903BA48646C6EF689A26C15013927B0FF45FA8F14423DDA4E87794EF2DEC52CB44
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: incorrect header check$invalid window size
                                                  • API String ID: 0-900081337
                                                  • Opcode ID: 226024973a440a2a6261c5f164d8bafa30541a105b972a390c392a8354fe07a0
                                                  • Instruction ID: 11cd9f391781e78020c3eab1a9287fe11df61899d1519b8b155f128e70c5b02a
                                                  • Opcode Fuzzy Hash: 226024973a440a2a6261c5f164d8bafa30541a105b972a390c392a8354fe07a0
                                                  • Instruction Fuzzy Hash: 7A9172B3A18285C7E7A48B15D458B3A3AB9FF44B64F15413EDA4A87680CF39ED40CF00
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: e+000$gfff
                                                  • API String ID: 0-3030954782
                                                  • Opcode ID: 1324d18368fb7be0dec1b44ace24e6b174879433860390047f5d35653063db2a
                                                  • Instruction ID: 53dd8a24e145e47f9891cdc287027fd27ee458f4eed2bf02ba295230eefe2b2c
                                                  • Opcode Fuzzy Hash: 1324d18368fb7be0dec1b44ace24e6b174879433860390047f5d35653063db2a
                                                  • Instruction Fuzzy Hash: D1512823B586C586E7248E25E80176967A1FB44FA4F48927DCAA8CBAC1CE7DD845CB00
                                                  Strings
                                                  Similarity
                                                  • API ID:
                                                  • String ID: gfffffff
                                                  • API String ID: 0-1523873471
                                                  • Opcode ID: ee332c23296b8dd3ed29fdb42bef122adb490463d0c8b601810d73b835641fc7
                                                  • Instruction ID: 281ce7f3c43428e63c46f6c394efc81d2df97972ca828a000b6c1c75caefb237
                                                  • Opcode Fuzzy Hash: ee332c23296b8dd3ed29fdb42bef122adb490463d0c8b601810d73b835641fc7
                                                  • Instruction Fuzzy Hash: 57A12663B487C686EB21CB29E4007A97BA1BF55FA4F05813AEA4D87785DE3DD901CB01
                                                  Strings
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: TMP
                                                  • API String ID: 3215553584-3125297090
                                                  • Opcode ID: ab01c8f9f33d9f34f1c73768ca5f7e92e4f1b42dfcb743eef36c8d357443a917
                                                  • Instruction ID: f9d6243080a2c2d01cc0ad0464228ba0e271b19dcbe26ab4f6bf857558c2c653
                                                  • Opcode Fuzzy Hash: ab01c8f9f33d9f34f1c73768ca5f7e92e4f1b42dfcb743eef36c8d357443a917
                                                  • Instruction Fuzzy Hash: 70517F13B48646C1FA64AA26DA111BA52E1BF45FA4F18543DDE0EC7792EE7CEC49CA00
                                                  APIs
                                                  Similarity
                                                  • API ID: HeapProcess
                                                  • String ID:
                                                  • API String ID: 54951025-0
                                                  • Opcode ID: fe1a72d78314f5032ff6e3f3402ce84269ae1386cefa971ca0fc6f511f9bbc55
                                                  • Instruction ID: 486589561ff5f233ff5bc18bcc4c05f1f12d82a03c5e090e722020bad11952fe
                                                  • Opcode Fuzzy Hash: fe1a72d78314f5032ff6e3f3402ce84269ae1386cefa971ca0fc6f511f9bbc55
                                                  • Instruction Fuzzy Hash: CBB09225E07A8AC3EA182B12AC8621422B47F88B21FA4803DC40C82320DE2C28A58B00
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b05403af9c31de739a9311cbf741df56ce5de8bb6a66a9cc9bcf40cf40427d0b
                                                  • Instruction ID: bd913ef9083d7fcdfa2857902315ba6b4883413d2384ceddec2d696ac3173dac
                                                  • Opcode Fuzzy Hash: b05403af9c31de739a9311cbf741df56ce5de8bb6a66a9cc9bcf40cf40427d0b
                                                  • Instruction Fuzzy Hash: 6ED18D2BA48642C6EF788A2AC55027D27B0FF45F68F14423DCE0E87695EF29EC45DB40
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b6de572fc7ea0867e481f021e98a3cee959a95ba6dd1d6718a656c0f39a4e480
                                                  • Instruction ID: af0d3a20cfde525e470c0c4e7b1cce4140045e3b13378665275a2fc050dbea79
                                                  • Opcode Fuzzy Hash: b6de572fc7ea0867e481f021e98a3cee959a95ba6dd1d6718a656c0f39a4e480
                                                  • Instruction Fuzzy Hash: 69C1C2732142F18FD288EB29E45957A73E1FB98309BD4402BEB8747B85CA3CE415DB90
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 54646038064d7a6353eabae39e6447674b1691c16f4822fec46df2a19c6da082
                                                  • Instruction ID: 75c019abecd8c5336e19d0bdfb8a6395590ee658fc522aee2f12634c3b2be1a0
                                                  • Opcode Fuzzy Hash: 54646038064d7a6353eabae39e6447674b1691c16f4822fec46df2a19c6da082
                                                  • Instruction Fuzzy Hash: 09B14B7BA48685C5EB658F3AC05422C3BB0FB49F68F24423DCA4E87395EF29D851CB14
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c5cf27518f3756e107451e616d5c43acfc5497bdc9406be32d6656a2e3ee85f8
                                                  • Instruction ID: 2a2e0b41743e068119c4446bf2f46407521e9074a343eff30387b0cf91ea086d
                                                  • Opcode Fuzzy Hash: c5cf27518f3756e107451e616d5c43acfc5497bdc9406be32d6656a2e3ee85f8
                                                  • Instruction Fuzzy Hash: B581A273A4C68186EB74CF19D54136A66A1FF86BA4F14427DDA8E83B95CE3DE940CF00
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  Similarity
                                                  • API ID: ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 485612231-0
                                                  APIs
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C050C0
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C05101
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C05126
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C0514B
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C05173
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C0519B
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C051C3
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C051EB
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C05213
                                                  Strings
                                                  Similarity
                                                  • API ID: AddressProc
                                                  • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                  • API String ID: 190572456-2007157414
                                                  APIs
                                                    • Part of subcall function 00007FF685C086B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF685C03FA4,00000000,00007FF685C01925), ref: 00007FF685C086E9
                                                  • ExpandEnvironmentStringsW.KERNEL32(?,00007FF685C07C97,?,?,FFFFFFFF,00007FF685C03834), ref: 00007FF685C0782C
                                                    • Part of subcall function 00007FF685C026C0: MessageBoxW.USER32 ref: 00007FF685C02736
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                  • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                  • API String ID: 1662231829-930877121
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                  • String ID: P%
                                                  • API String ID: 2147705588-2959514604
                                                  • Opcode ID: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                  • Instruction ID: 913a00daae06dad764ba5f7a1aef582b9441d0edf25120705a8d311968f6d56d
                                                  • Opcode Fuzzy Hash: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                  • Instruction Fuzzy Hash: 94511666604BA1C6D6249F22E4581BAB7B1FB98B65F004129EBCE83684DF3CD445DB10
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: -$:$f$p$p
                                                  • API String ID: 3215553584-2013873522
                                                  • Opcode ID: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                  • Instruction ID: 88a346a0f77c9cf98f1a4e4406570f8e9bfc10b61fe4d36218200a6ebbb8a24d
                                                  • Opcode Fuzzy Hash: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                  • Instruction Fuzzy Hash: 6C129E23A98243C6FB209A14D1542B972B1FF40B72F94403EE69A866C4DF7CED91CF45
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: f$f$p$p$f
                                                  • API String ID: 3215553584-1325933183
                                                  • Opcode ID: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                  • Instruction ID: 9259d816822699217a979777ffc53d5e3bf3980c774dee6288a6c888c3f484fe
                                                  • Opcode Fuzzy Hash: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                  • Instruction Fuzzy Hash: D3125C63A4C143C7FB20AA15E0546BA6671FF80B64F88403EE69A966C4DF7CEC90CF50
                                                  Strings
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                  • API String ID: 2030045667-3659356012
                                                  • Opcode ID: 5ffe7bde3881a76b4e0663e2dd04e619921e1103439a51134322ba1d4848be30
                                                  • Instruction ID: b622ff116a6b7cbf147b2b2426d580b107edee737ec68efc5e06965f48723e43
                                                  • Opcode Fuzzy Hash: 5ffe7bde3881a76b4e0663e2dd04e619921e1103439a51134322ba1d4848be30
                                                  • Instruction Fuzzy Hash: B84171A3B08642C2EA149B16EC405BAA7B1BF44FE8F54503EED4D87B95DE3CE945CB40
                                                  Strings
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                  • API String ID: 2030045667-3659356012
                                                  • Opcode ID: 987a0044a843b9716451bea1425533144f150d76f52320b08b8d0ffb5fdad73b
                                                  • Instruction ID: ca96806e3a7f35552c55dfd521283053a4ad9df1c3ff0f2d05e57a59cbcb7848
                                                  • Opcode Fuzzy Hash: 987a0044a843b9716451bea1425533144f150d76f52320b08b8d0ffb5fdad73b
                                                  • Instruction Fuzzy Hash: 8A416363B08642C1EA209B55E8405BAA7B0FF48FE4F54503EDE4D8BA95EE3CED45CB00
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 849930591-393685449
                                                  • Opcode ID: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                  • Instruction ID: fe6c1fef33d333b1dd90ba7e96ced3f2b34791cc073a9ec437f810eb4465e007
                                                  • Opcode Fuzzy Hash: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                  • Instruction Fuzzy Hash: 26D14DB3A08641C6EB609F65D4403AD67B4FF55BA8F10413EEA4D97B96CF38E981CB40
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF685C0D29A,?,?,?,00007FF685C0CF8C,?,?,?,00007FF685C0CB89), ref: 00007FF685C0D06D
                                                  • GetLastError.KERNEL32(?,?,?,00007FF685C0D29A,?,?,?,00007FF685C0CF8C,?,?,?,00007FF685C0CB89), ref: 00007FF685C0D07B
                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF685C0D29A,?,?,?,00007FF685C0CF8C,?,?,?,00007FF685C0CB89), ref: 00007FF685C0D0A5
                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF685C0D29A,?,?,?,00007FF685C0CF8C,?,?,?,00007FF685C0CB89), ref: 00007FF685C0D113
                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF685C0D29A,?,?,?,00007FF685C0CF8C,?,?,?,00007FF685C0CB89), ref: 00007FF685C0D11F
                                                  Strings
                                                  Similarity
                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                  • String ID: api-ms-
                                                  • API String ID: 2559590344-2084034818
                                                  • Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                  • Instruction ID: 6d83e63e22839bc5755171179addd13ca9b1801e979457d76344a033345a97c0
                                                  • Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                  • Instruction Fuzzy Hash: 71319467B1AA42C1EE119B16E40067663A4BF08FB8F99053EDD1D87384EF3CE846CB00
                                                  APIs
                                                  Similarity
                                                  • API ID: Value$ErrorLast
                                                  • String ID:
                                                  • API String ID: 2506987500-0
                                                  • Opcode ID: 67217a7fc91f5e25160bb9a3b2c8204a3bd01eab0ccbfeeabb81ecf6e12f005c
                                                  • Instruction ID: 3734ffcc8691e6a7a091e8d51008a6b7700df95df49d6196e462de718592f0a7
                                                  • Opcode Fuzzy Hash: 67217a7fc91f5e25160bb9a3b2c8204a3bd01eab0ccbfeeabb81ecf6e12f005c
                                                  • Instruction Fuzzy Hash: 8A216D22E8C642C2FA686726DA451796172BF48FB0F44563DD83ECAAD6DD2CAC00CF41
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                  • String ID: CONOUT$
                                                  • API String ID: 3230265001-3130406586
                                                  • Opcode ID: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                  • Instruction ID: d19c22b4d1e13190396a859ad1b3f86c37d83d88f0dac814418d54f6b721db22
                                                  • Opcode Fuzzy Hash: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                  • Instruction Fuzzy Hash: 99113D22A18A46C6E7508B52E85432966B1BF98FF4F04523CEA5D877A4DF7CD804CB40
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C0821D
                                                  • K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C0827A
                                                    • Part of subcall function 00007FF685C086B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF685C03FA4,00000000,00007FF685C01925), ref: 00007FF685C086E9
                                                  • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C08305
                                                  • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C08364
                                                  • FreeLibrary.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C08375
                                                  • FreeLibrary.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C0838A
                                                  Similarity
                                                  • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                  • String ID:
                                                  • API String ID: 3462794448-0
                                                  • Opcode ID: bfcefcadc4499c1de8e385cb70073816e38e2b1c8d4e625d2f32d7c46dc3e7cf
                                                  • Instruction ID: d27bf0d777b8330601a37fca0957ff4bcdccadc619ef0697712821d52fb6076c
                                                  • Opcode Fuzzy Hash: bfcefcadc4499c1de8e385cb70073816e38e2b1c8d4e625d2f32d7c46dc3e7cf
                                                  • Instruction Fuzzy Hash: 854160A3A19682C1EA209B12E5402BA67B4FF85FA4F45513EDF9D97785DE3CE901CF00
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A5E7
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A61D
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A64A
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A65B
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A66C
                                                  • SetLastError.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A687
                                                  Similarity
                                                  • API ID: Value$ErrorLast
                                                  • String ID:
                                                  • API String ID: 2506987500-0
                                                  • Opcode ID: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                  • Instruction ID: 14166fc75cfea547a910b21a793e2a692315f1ae15d2e9db06a64e1c57c625d7
                                                  • Opcode Fuzzy Hash: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                  • Instruction Fuzzy Hash: 92116D22E88642C2FA586B22DA5117965727F48FB0F44533DD83ECA6D6DE2CAC01CF41
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                  • String ID: Unhandled exception in script
                                                  • API String ID: 3081866767-2699770090
                                                  • Opcode ID: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
                                                  • Instruction ID: afb357a5291bbbb34abe69d56f0ac930d014b587d9716e2c89bb95c35054cf09
                                                  • Opcode Fuzzy Hash: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
                                                  • Instruction Fuzzy Hash: 74313C76A09682C9EB209F61E8552E96370FF89BA8F44113EEA4D8BB55DF3CD544CB00
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
                                                  • API String ID: 1878133881-640379615
                                                  • Opcode ID: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                  • Instruction ID: a1b38a077daf4f05d353598450d1b4fee04690478131321f13db4b399003969a
                                                  • Opcode Fuzzy Hash: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                  • Instruction Fuzzy Hash: 89215EB3628A86C1E6209B10F4517EAA774FF84B98F40513EE68C83699DF7CDA45CF40
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  • API ID: _set_statfp
                                                  • String ID:
                                                  • API String ID: 1156100317-0
                                                  APIs
                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF685C198B3,?,?,00000000,00007FF685C19B4E,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C1A6BF
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C198B3,?,?,00000000,00007FF685C19B4E,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C1A6DE
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C198B3,?,?,00000000,00007FF685C19B4E,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C1A706
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C198B3,?,?,00000000,00007FF685C19B4E,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C1A717
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C198B3,?,?,00000000,00007FF685C19B4E,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C1A728
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: verbose
                                                  • API String ID: 3215553584-579935070
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                  • API String ID: 3215553584-1196891531
                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                  • String ID: csm
                                                  • API String ID: 2395640692-1018135373
                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                  • String ID: csm$csm
                                                  • API String ID: 3896166516-3733052814
                                                  • API ID: CallEncodePointerTranslator
                                                  • String ID: MOC$RCC
                                                  • API String ID: 3544855599-2084237596
                                                  APIs
                                                  • CreateDirectoryW.KERNEL32(00000000,?,00007FF685C0324C,?,?,00007FF685C03964), ref: 00007FF685C07642
                                                  • API ID: CreateDirectory
                                                  • String ID: %.*s$%s%c$\
                                                  • API String ID: 4241100979-1685191245
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: Error$Error/warning (ANSI fallback)
                                                  • API String ID: 1878133881-653037927
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: Error/warning (ANSI fallback)$Warning
                                                  • API String ID: 1878133881-2698358428
                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                  • String ID:
                                                  • API String ID: 2718003287-0
                                                  • API ID: _get_daylight$_isindst
                                                  • String ID:
                                                  • API String ID: 4170891091-0
                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                  • String ID:
                                                  • API String ID: 2780335769-0
                                                  • Opcode ID: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                  • Instruction ID: 3f0c566863db62b8b41187bfe0188f3ada6683a7b5fb633fc2a555be8577569c
                                                  • Opcode Fuzzy Hash: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                  • Instruction Fuzzy Hash: D7515A2BA48741CAEB14CF61D5903BD27B1BF48B68F10953DDE0987689DF78D881CB40
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: LongWindow$DialogInvalidateRect
                                                  • String ID:
                                                  • API String ID: 1956198572-0
                                                  • Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                  • Instruction ID: 179e332a52a6caf5f3244e7f9c71b0468eecc634d0f3ae9d25fe2b6e19dbbd57
                                                  • Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                  • Instruction Fuzzy Hash: 0B11AC72F08242C1FE549B59E54427A5671FF88FA4F44903EDA4947B99CE3DDCC1C900
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                  • String ID: ?
                                                  • API String ID: 1286766494-1684325040
                                                  • Opcode ID: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                  • Instruction ID: 8cd4f75ca011771cb862106697be93b446b324c471b028bbf928cac16df0abb4
                                                  • Opcode Fuzzy Hash: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                  • Instruction Fuzzy Hash: 8141BF27A1878286FB249B25D48177AA670BF89FB4F10523DEA5C86AD5DE3CD841CB00
                                                  APIs
                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C1835E
                                                    • Part of subcall function 00007FF685C19C58: RtlFreeHeap.NTDLL(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C6E
                                                    • Part of subcall function 00007FF685C19C58: GetLastError.KERNEL32(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C78
                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF685C0BEC5), ref: 00007FF685C1837C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                  • String ID: C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                  • API String ID: 3580290477-4251394469
                                                  • Opcode ID: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                  • Instruction ID: 2f778daf22e1b08d4ff3c9803d57bcf8c4c803931f7872e104dd04d22ca2d1aa
                                                  • Opcode Fuzzy Hash: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                  • Instruction Fuzzy Hash: 5C416C37A48A52C5EB24DF26E4900BD26B5FF45FA0B55503DEA4E87B85DE3CE881CB00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                  • String ID: .$:
                                                  • API String ID: 2020911589-4202072812
                                                  • Opcode ID: 02917ae70002487e25aaa57807b70e18839398bc457e7bd9011200fb9d4eab61
                                                  • Instruction ID: e57ff9c330d33dcbf23a0ce515174ee39578f4a79c368761566c2604cb4ba3c9
                                                  • Opcode Fuzzy Hash: 02917ae70002487e25aaa57807b70e18839398bc457e7bd9011200fb9d4eab61
                                                  • Instruction Fuzzy Hash: B7414D23E48652D8FB11ABA1D8501BC26B4BF14B68F54013DDE4EA7A45EF389842CB50
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastWrite
                                                  • String ID: U
                                                  • API String ID: 442123175-4171548499
                                                  • Opcode ID: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                  • Instruction ID: 0e30967b9d5467c5804a013f9eab0cd87e76c95a525f999f8a8d70cca84567df
                                                  • Opcode Fuzzy Hash: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                  • Instruction Fuzzy Hash: 6141A023A18A85C2DB20DF25E4447A96B74FF88BA4F804039EA4D87798DF3CD841CF00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CurrentDirectory
                                                  • String ID: :
                                                  • API String ID: 1611563598-336475711
                                                  • Opcode ID: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                  • Instruction ID: 83a0ab7d5eb257b8ae2ee5be2ab584b69e450dabe7ce83c9c8b6456a81d39055
                                                  • Opcode Fuzzy Hash: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                  • Instruction Fuzzy Hash: 8F217C63A08685C2EB609F15D0442AD67B2FF88F54F45403EDA8DC3684DF7CE985CB81
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFileHeaderRaise
                                                  • String ID: csm
                                                  • API String ID: 2573137834-1018135373
                                                  • Opcode ID: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                  • Instruction ID: 67a6bf97cd656c15a168fc222189fec1fb2ffb28cd1c1f8d55d89a89ff464112
                                                  • Opcode Fuzzy Hash: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                  • Instruction Fuzzy Hash: C4111936618B8582EB218B15E44026AB7E4FF88B98F584239DA8D47768DF3CD951CB00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.1718390277.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000000.00000002.1718374175.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718415271.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718437795.00007FF685C44000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.1718475032.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                  • String ID: :
                                                  • API String ID: 2595371189-336475711
                                                  • Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                  • Instruction ID: 85e6bc3fd1e5266f124d4eeadb72387b7bae2cc3ce032bf0df24f1b1818597d8
                                                  • Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                  • Instruction Fuzzy Hash: 86017863A58246C6EB20AF60D4612BE26B0FF48B68F80103ED54DC2691DE6CE905CF24

                                                  Execution Graph

                                                  Execution Coverage:2.5%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:819
                                                  Total number of Limit Nodes:61
56305->56250 56305->56251 56306 7ff685c25b16 56306->56305 56344 7ff685c19c10 IsProcessorFeaturePresent 56306->56344 56308 7ff685c25a61 56340 7ff685c19bf0 37 API calls _invalid_parameter_noinfo 56308->56340 56349 7ff685c1f5e8 EnterCriticalSection 56312->56349 56324->56254 56325->56262 56337->56296 56338->56302 56339->56308 56340->56299 56341->56303 56342->56298 56343->56306 56345 7ff685c19c23 56344->56345 56348 7ff685c19924 14 API calls 3 library calls 56345->56348 56347 7ff685c19c3e GetCurrentProcess TerminateProcess 56348->56347 56351 7ff685c0f7ee 56350->56351 56352 7ff685c0f7ae 56350->56352 56351->56352 56354 7ff685c0f7fa 56351->56354 56362 7ff685c19b24 37 API calls 2 library calls 56352->56362 56361 7ff685c1477c EnterCriticalSection 56354->56361 56355 7ff685c0f7d5 56355->56144 56357 7ff685c0f7ff 56358 7ff685c0f908 71 API calls 56357->56358 56359 7ff685c0f811 56358->56359 56360 7ff685c14788 _fread_nolock LeaveCriticalSection 56359->56360 56360->56355 56362->56355 56364 7ff685c0fe2c 56363->56364 56371 7ff685c0fb4c 56364->56371 56366 7ff685c0fe4a 56366->56162 56367->56150 56368->56158 56369->56158 56370->56158 56372 7ff685c0fb6c 56371->56372 56373 7ff685c0fb99 56371->56373 56372->56373 56374 7ff685c0fb76 56372->56374 56375 7ff685c0fba1 56372->56375 56373->56366 56385 7ff685c19b24 37 API calls 2 library calls 56374->56385 56378 7ff685c0fa8c 56375->56378 56386 7ff685c1477c EnterCriticalSection 56378->56386 56380 7ff685c0faa9 56381 7ff685c0facc 74 API calls 56380->56381 56382 7ff685c0fab2 56381->56382 56383 7ff685c14788 _fread_nolock LeaveCriticalSection 56382->56383 56384 7ff685c0fabd 56383->56384 56384->56373 56385->56373 56388 7ff685c0f163 56387->56388 56391 7ff685c0f191 56387->56391 56398 7ff685c19b24 37 API calls 2 library calls 56388->56398 56390 7ff685c0f183 56390->56166 56391->56390 56397 7ff685c1477c EnterCriticalSection 56391->56397 56393 7ff685c0f1a8 56394 7ff685c0f1c4 72 API calls 56393->56394 56395 7ff685c0f1b4 56394->56395 56396 7ff685c14788 
_fread_nolock LeaveCriticalSection 56395->56396 56396->56390 56398->56390 56400 7ff685c0f706 56399->56400 56411 7ff685c0f6d4 56399->56411 56401 7ff685c0f752 56400->56401 56402 7ff685c0f715 memcpy_s 56400->56402 56400->56411 56412 7ff685c1477c EnterCriticalSection 56401->56412 56413 7ff685c143f4 11 API calls _get_daylight 56402->56413 56404 7ff685c0f75a 56406 7ff685c0f45c _fread_nolock 51 API calls 56404->56406 56408 7ff685c0f771 56406->56408 56407 7ff685c0f72a 56414 7ff685c19bf0 37 API calls _invalid_parameter_noinfo 56407->56414 56410 7ff685c14788 _fread_nolock LeaveCriticalSection 56408->56410 56410->56411 56411->56115 56413->56407 56414->56411 56417 7ff685c13cfe 56415->56417 56416 7ff685c13d23 56433 7ff685c19b24 37 API calls 2 library calls 56416->56433 56417->56416 56419 7ff685c13d5f 56417->56419 56434 7ff685c11f30 49 API calls _invalid_parameter_noinfo 56419->56434 56421 7ff685c13d4d 56423 7ff685c0b870 _log10_special 8 API calls 56421->56423 56422 7ff685c13e3c 56424 7ff685c19c58 __free_lconv_mon 11 API calls 56422->56424 56425 7ff685c01c38 56423->56425 56424->56421 56425->56081 56426 7ff685c13df6 56426->56422 56427 7ff685c13e11 56426->56427 56428 7ff685c13e60 56426->56428 56430 7ff685c13e08 56426->56430 56435 7ff685c19c58 56427->56435 56428->56422 56431 7ff685c13e6a 56428->56431 56430->56422 56430->56427 56432 7ff685c19c58 __free_lconv_mon 11 API calls 56431->56432 56432->56421 56433->56421 56434->56426 56436 7ff685c19c5d HeapFree 56435->56436 56440 7ff685c19c8c 56435->56440 56437 7ff685c19c78 GetLastError 56436->56437 56436->56440 56438 7ff685c19c85 __free_lconv_mon 56437->56438 56441 7ff685c143f4 11 API calls _get_daylight 56438->56441 56440->56421 56441->56440 56442 7ff685c0bf5c 56463 7ff685c0c12c 56442->56463 56445 7ff685c0c0a8 56582 7ff685c0c44c 7 API calls 2 library calls 56445->56582 56446 7ff685c0bf78 __scrt_acquire_startup_lock 56448 7ff685c0c0b2 56446->56448 56455 7ff685c0bf96 __scrt_release_startup_lock 56446->56455 56583 7ff685c0c44c 7 API calls 2 
library calls 56448->56583 56450 7ff685c0bfbb 56451 7ff685c0c0bd __CxxCallCatchBlock 56452 7ff685c0c041 56469 7ff685c0c594 56452->56469 56454 7ff685c0c046 56472 7ff685c01000 56454->56472 56455->56450 56455->56452 56579 7ff685c18e44 45 API calls 56455->56579 56460 7ff685c0c069 56460->56451 56581 7ff685c0c2b0 7 API calls 56460->56581 56462 7ff685c0c080 56462->56450 56464 7ff685c0c134 56463->56464 56465 7ff685c0c140 __scrt_dllmain_crt_thread_attach 56464->56465 56466 7ff685c0c14d 56465->56466 56468 7ff685c0bf70 56465->56468 56466->56468 56584 7ff685c0cba8 7 API calls 2 library calls 56466->56584 56468->56445 56468->56446 56585 7ff685c297e0 56469->56585 56471 7ff685c0c5ab GetStartupInfoW 56471->56454 56473 7ff685c01009 56472->56473 56587 7ff685c14794 56473->56587 56475 7ff685c0352b 56594 7ff685c033e0 56475->56594 56479 7ff685c0b870 _log10_special 8 API calls 56481 7ff685c0372a 56479->56481 56580 7ff685c0c5d8 GetModuleHandleW 56481->56580 56482 7ff685c0356c 56485 7ff685c01bf0 49 API calls 56482->56485 56483 7ff685c03736 56484 7ff685c03f70 108 API calls 56483->56484 56486 7ff685c03746 56484->56486 56500 7ff685c03588 56485->56500 56487 7ff685c03785 56486->56487 56684 7ff685c076a0 56486->56684 56693 7ff685c025f0 53 API calls _log10_special 56487->56693 56491 7ff685c0365f __vcrt_freefls 56498 7ff685c03844 56491->56498 56501 7ff685c07e10 14 API calls 56491->56501 56492 7ff685c03538 56492->56479 56493 7ff685c03778 56494 7ff685c0379f 56493->56494 56495 7ff685c0377d 56493->56495 56497 7ff685c01bf0 49 API calls 56494->56497 56496 7ff685c0f36c 74 API calls 56495->56496 56496->56487 56499 7ff685c037be 56497->56499 56697 7ff685c03e90 49 API calls 56498->56697 56509 7ff685c018f0 115 API calls 56499->56509 56656 7ff685c07e10 56500->56656 56503 7ff685c036ae 56501->56503 56682 7ff685c07f80 40 API calls __vcrt_freefls 56503->56682 56504 7ff685c03852 56506 7ff685c03865 56504->56506 56507 7ff685c03871 56504->56507 56698 7ff685c03fe0 56506->56698 56508 7ff685c01bf0 49 API calls 
56507->56508 56525 7ff685c03805 __vcrt_freefls 56508->56525 56512 7ff685c037df 56509->56512 56510 7ff685c036bd 56513 7ff685c0380f 56510->56513 56517 7ff685c036cf 56510->56517 56512->56500 56516 7ff685c037ef 56512->56516 56695 7ff685c08400 58 API calls _log10_special 56513->56695 56515 7ff685c086b0 2 API calls 56520 7ff685c0389e SetDllDirectoryW 56515->56520 56694 7ff685c025f0 53 API calls _log10_special 56516->56694 56518 7ff685c01bf0 49 API calls 56517->56518 56522 7ff685c036f1 56518->56522 56519 7ff685c03814 56696 7ff685c07c40 84 API calls 2 library calls 56519->56696 56528 7ff685c038c3 56520->56528 56522->56525 56526 7ff685c036fc 56522->56526 56525->56515 56683 7ff685c025f0 53 API calls _log10_special 56526->56683 56531 7ff685c03a50 56528->56531 56701 7ff685c06560 53 API calls 56528->56701 56530 7ff685c03834 56530->56498 56530->56525 56533 7ff685c03a7d 56531->56533 56534 7ff685c03a5a PostMessageW GetMessageW 56531->56534 56669 7ff685c03080 56533->56669 56534->56533 56535 7ff685c038d5 56702 7ff685c06b00 118 API calls 2 library calls 56535->56702 56537 7ff685c038ea 56539 7ff685c03947 56537->56539 56540 7ff685c03901 56537->56540 56703 7ff685c065a0 121 API calls _log10_special 56537->56703 56539->56531 56545 7ff685c0395c 56539->56545 56554 7ff685c03905 56540->56554 56704 7ff685c06970 91 API calls 56540->56704 56708 7ff685c030e0 122 API calls 2 library calls 56545->56708 56546 7ff685c03916 56546->56554 56705 7ff685c06cd0 54 API calls 56546->56705 56550 7ff685c03964 56550->56492 56553 7ff685c0396c 56550->56553 56552 7ff685c03aa3 56709 7ff685c083e0 LocalFree 56553->56709 56554->56539 56706 7ff685c02870 53 API calls _log10_special 56554->56706 56557 7ff685c0393f 56707 7ff685c06780 FreeLibrary 56557->56707 56579->56452 56580->56460 56581->56462 56582->56448 56583->56451 56584->56468 56586 7ff685c297d0 56585->56586 56586->56471 56586->56586 56588 7ff685c1e790 56587->56588 56590 7ff685c1e836 56588->56590 56591 7ff685c1e7e3 56588->56591 56712 7ff685c1e668 71 API calls 
_fread_nolock 56590->56712 56711 7ff685c19b24 37 API calls 2 library calls 56591->56711 56593 7ff685c1e80c 56593->56475 56713 7ff685c0bb70 56594->56713 56597 7ff685c0341b 56720 7ff685c029e0 51 API calls _log10_special 56597->56720 56598 7ff685c03438 56715 7ff685c085a0 FindFirstFileExW 56598->56715 56602 7ff685c034a5 56723 7ff685c08760 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 56602->56723 56603 7ff685c0344b 56721 7ff685c08620 CreateFileW GetFinalPathNameByHandleW CloseHandle 56603->56721 56605 7ff685c0b870 _log10_special 8 API calls 56608 7ff685c034dd 56605->56608 56607 7ff685c034b3 56610 7ff685c0342e 56607->56610 56724 7ff685c026c0 49 API calls _log10_special 56607->56724 56608->56492 56616 7ff685c018f0 56608->56616 56609 7ff685c03458 56611 7ff685c03474 __vcrt_FlsAlloc 56609->56611 56612 7ff685c0345c 56609->56612 56610->56605 56611->56602 56722 7ff685c026c0 49 API calls _log10_special 56612->56722 56615 7ff685c0346d 56615->56610 56617 7ff685c03f70 108 API calls 56616->56617 56618 7ff685c01925 56617->56618 56619 7ff685c01bb6 56618->56619 56620 7ff685c076a0 83 API calls 56618->56620 56621 7ff685c0b870 _log10_special 8 API calls 56619->56621 56622 7ff685c0196b 56620->56622 56623 7ff685c01bd1 56621->56623 56624 7ff685c0f9f4 73 API calls 56622->56624 56655 7ff685c0199c 56622->56655 56623->56482 56623->56483 56626 7ff685c01985 56624->56626 56625 7ff685c0f36c 74 API calls 56625->56619 56627 7ff685c019a1 56626->56627 56628 7ff685c01989 56626->56628 56630 7ff685c0f6bc _fread_nolock 53 API calls 56627->56630 56725 7ff685c02760 53 API calls 2 library calls 56628->56725 56631 7ff685c019b9 56630->56631 56632 7ff685c019bf 56631->56632 56633 7ff685c019d7 56631->56633 56726 7ff685c02760 53 API calls 2 library calls 56632->56726 56635 7ff685c019ee 56633->56635 56636 7ff685c01a06 56633->56636 56727 7ff685c02760 53 API calls 2 library calls 56635->56727 56638 7ff685c01bf0 49 API calls 56636->56638 56639 7ff685c01a1d 56638->56639 56640 7ff685c01bf0 49 API calls 
56639->56640 56641 7ff685c01a68 56640->56641 56642 7ff685c0f9f4 73 API calls 56641->56642 56643 7ff685c01a8c 56642->56643 56644 7ff685c01aa1 56643->56644 56645 7ff685c01ab9 56643->56645 56728 7ff685c02760 53 API calls 2 library calls 56644->56728 56646 7ff685c0f6bc _fread_nolock 53 API calls 56645->56646 56648 7ff685c01ace 56646->56648 56649 7ff685c01ad4 56648->56649 56650 7ff685c01aec 56648->56650 56729 7ff685c02760 53 API calls 2 library calls 56649->56729 56730 7ff685c0f430 37 API calls 2 library calls 56650->56730 56653 7ff685c01b06 56653->56655 56731 7ff685c025f0 53 API calls _log10_special 56653->56731 56655->56625 56657 7ff685c07e1a 56656->56657 56658 7ff685c086b0 2 API calls 56657->56658 56659 7ff685c07e39 GetEnvironmentVariableW 56658->56659 56660 7ff685c07ea2 56659->56660 56661 7ff685c07e56 ExpandEnvironmentStringsW 56659->56661 56663 7ff685c0b870 _log10_special 8 API calls 56660->56663 56661->56660 56662 7ff685c07e78 56661->56662 56732 7ff685c08760 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 56662->56732 56665 7ff685c07eb4 56663->56665 56665->56491 56666 7ff685c07e8a 56667 7ff685c0b870 _log10_special 8 API calls 56666->56667 56668 7ff685c07e9a 56667->56668 56668->56491 56733 7ff685c05af0 56669->56733 56672 7ff685c030b9 56678 7ff685c033a0 56672->56678 56674 7ff685c030a1 56674->56672 56803 7ff685c05800 56674->56803 56676 7ff685c030ad 56676->56672 56812 7ff685c05990 53 API calls 56676->56812 56679 7ff685c033ae 56678->56679 56681 7ff685c033bf 56679->56681 56875 7ff685c08180 FreeLibrary 56679->56875 56710 7ff685c06780 FreeLibrary 56681->56710 56682->56510 56683->56492 56685 7ff685c076c4 56684->56685 56686 7ff685c0f9f4 73 API calls 56685->56686 56691 7ff685c0779b __vcrt_freefls 56685->56691 56687 7ff685c076e0 56686->56687 56687->56691 56876 7ff685c16bd8 56687->56876 56689 7ff685c0f9f4 73 API calls 56692 7ff685c076f5 56689->56692 56690 7ff685c0f6bc _fread_nolock 53 API calls 56690->56692 56691->56493 56692->56689 56692->56690 56692->56691 
56693->56492 56694->56492 56695->56519 56696->56530 56697->56504 56699 7ff685c01bf0 49 API calls 56698->56699 56700 7ff685c04010 56699->56700 56700->56525 56700->56700 56701->56535 56702->56537 56703->56540 56704->56546 56705->56554 56706->56557 56707->56539 56708->56550 56710->56552 56711->56593 56712->56593 56714 7ff685c033ec GetModuleFileNameW 56713->56714 56714->56597 56714->56598 56716 7ff685c085df FindClose 56715->56716 56717 7ff685c085f2 56715->56717 56716->56717 56718 7ff685c0b870 _log10_special 8 API calls 56717->56718 56719 7ff685c03442 56718->56719 56719->56602 56719->56603 56720->56610 56721->56609 56722->56615 56723->56607 56724->56610 56725->56655 56726->56655 56727->56655 56728->56655 56729->56655 56730->56653 56731->56655 56732->56666 56734 7ff685c05b05 56733->56734 56735 7ff685c01bf0 49 API calls 56734->56735 56736 7ff685c05b41 56735->56736 56737 7ff685c05b6d 56736->56737 56738 7ff685c05b4a 56736->56738 56739 7ff685c03fe0 49 API calls 56737->56739 56823 7ff685c025f0 53 API calls _log10_special 56738->56823 56741 7ff685c05b85 56739->56741 56742 7ff685c05ba3 56741->56742 56824 7ff685c025f0 53 API calls _log10_special 56741->56824 56813 7ff685c03f10 56742->56813 56745 7ff685c0b870 _log10_special 8 API calls 56747 7ff685c0308e 56745->56747 56747->56672 56764 7ff685c05c80 56747->56764 56748 7ff685c05bbb 56750 7ff685c03fe0 49 API calls 56748->56750 56751 7ff685c05bd4 56750->56751 56752 7ff685c05bf9 56751->56752 56753 7ff685c05bd9 56751->56753 56754 7ff685c081a0 3 API calls 56752->56754 56825 7ff685c025f0 53 API calls _log10_special 56753->56825 56757 7ff685c05c06 56754->56757 56756 7ff685c05b63 56756->56745 56758 7ff685c05c12 56757->56758 56759 7ff685c05c49 56757->56759 56760 7ff685c086b0 2 API calls 56758->56760 56827 7ff685c050b0 95 API calls 56759->56827 56762 7ff685c05c2a 56760->56762 56826 7ff685c029e0 51 API calls _log10_special 56762->56826 56828 7ff685c04c80 56764->56828 56766 7ff685c05cba 56767 7ff685c05cd3 56766->56767 56768 7ff685c05cc2 
56766->56768 56835 7ff685c04450 56767->56835 56860 7ff685c025f0 53 API calls _log10_special 56768->56860 56772 7ff685c05cdf 56861 7ff685c025f0 53 API calls _log10_special 56772->56861 56774 7ff685c05cf0 56775 7ff685c05d10 56774->56775 56776 7ff685c05cff 56774->56776 56839 7ff685c04700 56775->56839 56862 7ff685c025f0 53 API calls _log10_special 56776->56862 56777 7ff685c05cce 56777->56674 56780 7ff685c05d2b 56781 7ff685c05d40 56780->56781 56782 7ff685c05d2f 56780->56782 56784 7ff685c05d60 56781->56784 56785 7ff685c05d4f 56781->56785 56863 7ff685c025f0 53 API calls _log10_special 56782->56863 56846 7ff685c045a0 56784->56846 56864 7ff685c025f0 53 API calls _log10_special 56785->56864 56789 7ff685c05d80 56792 7ff685c05da0 56789->56792 56793 7ff685c05d8f 56789->56793 56790 7ff685c05d6f 56865 7ff685c025f0 53 API calls _log10_special 56790->56865 56795 7ff685c05db1 56792->56795 56797 7ff685c05dc2 56792->56797 56866 7ff685c025f0 53 API calls _log10_special 56793->56866 56867 7ff685c025f0 53 API calls _log10_special 56795->56867 56800 7ff685c05dec 56797->56800 56868 7ff685c165c0 73 API calls 56797->56868 56799 7ff685c05dda 56869 7ff685c165c0 73 API calls 56799->56869 56800->56777 56870 7ff685c025f0 53 API calls _log10_special 56800->56870 56804 7ff685c05820 56803->56804 56804->56804 56805 7ff685c05849 56804->56805 56810 7ff685c05860 __vcrt_freefls 56804->56810 56874 7ff685c025f0 53 API calls _log10_special 56805->56874 56807 7ff685c05855 56807->56676 56808 7ff685c0596b 56808->56676 56809 7ff685c01440 116 API calls 56809->56810 56810->56808 56810->56809 56811 7ff685c025f0 53 API calls 56810->56811 56811->56810 56812->56672 56814 7ff685c03f1a 56813->56814 56815 7ff685c086b0 2 API calls 56814->56815 56816 7ff685c03f3f 56815->56816 56817 7ff685c0b870 _log10_special 8 API calls 56816->56817 56818 7ff685c03f67 56817->56818 56818->56748 56819 7ff685c081a0 56818->56819 56820 7ff685c086b0 2 API calls 56819->56820 56821 7ff685c081b4 LoadLibraryExW 56820->56821 56822 7ff685c081d3 
__vcrt_freefls 56821->56822 56822->56748 56823->56756 56824->56742 56825->56756 56826->56756 56827->56756 56829 7ff685c04cac 56828->56829 56830 7ff685c04cb4 56829->56830 56831 7ff685c04e54 56829->56831 56871 7ff685c15db4 48 API calls 56829->56871 56830->56766 56832 7ff685c05017 __vcrt_freefls 56831->56832 56833 7ff685c04180 47 API calls 56831->56833 56832->56766 56833->56831 56836 7ff685c04480 56835->56836 56837 7ff685c0b870 _log10_special 8 API calls 56836->56837 56838 7ff685c044ea 56837->56838 56838->56772 56838->56774 56840 7ff685c0476f 56839->56840 56843 7ff685c0471b 56839->56843 56873 7ff685c04300 MultiByteToWideChar MultiByteToWideChar __vcrt_freefls 56840->56873 56842 7ff685c0477c 56842->56780 56845 7ff685c0475a 56843->56845 56872 7ff685c04300 MultiByteToWideChar MultiByteToWideChar __vcrt_freefls 56843->56872 56845->56780 56847 7ff685c045b5 56846->56847 56848 7ff685c01bf0 49 API calls 56847->56848 56849 7ff685c04601 56848->56849 56850 7ff685c01bf0 49 API calls 56849->56850 56859 7ff685c04687 __vcrt_freefls 56849->56859 56851 7ff685c04640 56850->56851 56854 7ff685c086b0 2 API calls 56851->56854 56851->56859 56852 7ff685c0b870 _log10_special 8 API calls 56853 7ff685c046dc 56852->56853 56853->56789 56853->56790 56855 7ff685c0465a 56854->56855 56856 7ff685c086b0 2 API calls 56855->56856 56857 7ff685c04671 56856->56857 56858 7ff685c086b0 2 API calls 56857->56858 56858->56859 56859->56852 56860->56777 56861->56777 56862->56777 56863->56777 56864->56777 56865->56777 56866->56777 56867->56777 56868->56799 56869->56800 56870->56777 56871->56829 56872->56845 56873->56842 56874->56807 56875->56681 56877 7ff685c16c08 56876->56877 56880 7ff685c166e4 56877->56880 56879 7ff685c16c21 56879->56692 56881 7ff685c1672e 56880->56881 56882 7ff685c166ff 56880->56882 56890 7ff685c1477c EnterCriticalSection 56881->56890 56891 7ff685c19b24 37 API calls 2 library calls 56882->56891 56885 7ff685c16733 56886 7ff685c16750 38 API calls 56885->56886 56887 7ff685c1673f 56886->56887 56888 
7ff685c14788 _fread_nolock LeaveCriticalSection 56887->56888 56889 7ff685c1671f 56888->56889 56889->56879 56891->56889 56892 7ff685c1ec9c 56893 7ff685c1ee8e 56892->56893 56895 7ff685c1ecde _isindst 56892->56895 56938 7ff685c143f4 11 API calls _get_daylight 56893->56938 56895->56893 56898 7ff685c1ed5e _isindst 56895->56898 56896 7ff685c0b870 _log10_special 8 API calls 56897 7ff685c1eea9 56896->56897 56913 7ff685c254a4 56898->56913 56903 7ff685c1eeba 56905 7ff685c19c10 _isindst 17 API calls 56903->56905 56906 7ff685c1eece 56905->56906 56910 7ff685c1edbb 56912 7ff685c1ee7e 56910->56912 56937 7ff685c254e8 37 API calls _isindst 56910->56937 56912->56896 56914 7ff685c1ed7c 56913->56914 56915 7ff685c254b3 56913->56915 56919 7ff685c248a8 56914->56919 56939 7ff685c1f5e8 EnterCriticalSection 56915->56939 56917 7ff685c254bb 56917->56914 56918 7ff685c25314 55 API calls 56917->56918 56918->56914 56920 7ff685c1ed91 56919->56920 56921 7ff685c248b1 56919->56921 56920->56903 56925 7ff685c248d8 56920->56925 56940 7ff685c143f4 11 API calls _get_daylight 56921->56940 56923 7ff685c248b6 56941 7ff685c19bf0 37 API calls _invalid_parameter_noinfo 56923->56941 56926 7ff685c248e1 56925->56926 56930 7ff685c1eda2 56925->56930 56942 7ff685c143f4 11 API calls _get_daylight 56926->56942 56928 7ff685c248e6 56943 7ff685c19bf0 37 API calls _invalid_parameter_noinfo 56928->56943 56930->56903 56931 7ff685c24908 56930->56931 56932 7ff685c1edb3 56931->56932 56933 7ff685c24911 56931->56933 56932->56903 56932->56910 56944 7ff685c143f4 11 API calls _get_daylight 56933->56944 56935 7ff685c24916 56945 7ff685c19bf0 37 API calls _invalid_parameter_noinfo 56935->56945 56937->56912 56938->56912 56940->56923 56941->56920 56942->56928 56943->56930 56944->56935 56945->56932 56946 7ff685c0ae00 56947 7ff685c0ae2e 56946->56947 56948 7ff685c0ae15 56946->56948 56948->56947 56951 7ff685c1c90c 56948->56951 56952 7ff685c1c957 56951->56952 56956 7ff685c1c91b _get_daylight 56951->56956 56959 7ff685c143f4 11 API calls 
_get_daylight 56952->56959 56953 7ff685c1c93e HeapAlloc 56955 7ff685c0ae8e 56953->56955 56953->56956 56956->56952 56956->56953 56958 7ff685c228a0 EnterCriticalSection LeaveCriticalSection _get_daylight 56956->56958 56958->56956 56959->56955 56960 7ffe133028c0 PyObject_CallObject 56961 7ffe133028f8 PyMem_Malloc 56960->56961 56973 7ffe133029b2 56960->56973 56962 7ffe133079ea PyErr_NoMemory 56961->56962 56963 7ffe1330291a 56961->56963 56964 7ffe133079f8 56962->56964 56965 7ffe133029a9 56963->56965 56968 7ffe1330296e PyDict_Update 56963->56968 56964->56965 56966 7ffe133079fe _Py_Dealloc 56964->56966 56967 7ffe13307a23 _Py_Dealloc 56965->56967 56965->56973 56966->56965 56967->56973 56968->56964 56969 7ffe13302987 56968->56969 56970 7ffe1330299b _Py_Dealloc 56969->56970 56971 7ffe133029a1 56969->56971 56970->56971 56974 7ffe133029d0 20 API calls 56971->56974 56974->56965

                                                  Control-flow Graph

                                                  • control_flow_graph 0, starting at 7ff685c01000 (graph not reproduced; legend: Executed / Not Executed)
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: FileModuleName
                                                  • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                  • API String ID: 514040917-585287483
                                                  • Opcode ID: 9842cbd688bc5711a49d4e0ce16b69d9ca5c4bef69e7965de4c15c2abde6ee8e
                                                  • Instruction ID: fdb6b24ba00e4005089ad014560616927ca41d7e123481de18d32a50b7bce4f0
                                                  • Opcode Fuzzy Hash: 9842cbd688bc5711a49d4e0ce16b69d9ca5c4bef69e7965de4c15c2abde6ee8e
                                                  • Instruction Fuzzy Hash: 2EF180A3A08682D1FA18DB22D5542F96671BF54FA4F84403FDA1DC36D6EF2CE958CB40

                                                  Control-flow Graph

                                                  • control_flow_graph 245, starting at 7ff685c24f10 (graph not reproduced; legend: Executed / Not Executed)
                                                  APIs
                                                  • _get_daylight.LIBCMT ref: 00007FF685C24F55
                                                    • Part of subcall function 00007FF685C248A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C248BC
                                                    • Part of subcall function 00007FF685C19C58: HeapFree.KERNEL32(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C6E
                                                    • Part of subcall function 00007FF685C19C58: GetLastError.KERNEL32(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C78
                                                    • Part of subcall function 00007FF685C19C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF685C19BEF,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C19C19
                                                    • Part of subcall function 00007FF685C19C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF685C19BEF,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C19C3E
                                                  • _get_daylight.LIBCMT ref: 00007FF685C24F44
                                                    • Part of subcall function 00007FF685C24908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C2491C
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251BA
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251CB
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251DC
                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF685C2541C), ref: 00007FF685C25203
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                  • API String ID: 4070488512-239921721
                                                  • Opcode ID: 1e88bcb5f495bb70dc88d60703a9f776145871d29d9eb43ad6078281b4d73a6f
                                                  • Instruction ID: dd3107746a10b42fcfb691a53b599a48b66aca5821a125ef2fee6cf79783c59c
                                                  • Opcode Fuzzy Hash: 1e88bcb5f495bb70dc88d60703a9f776145871d29d9eb43ad6078281b4d73a6f
                                                  • Instruction Fuzzy Hash: 0DD19F3BA18242C6E7249F26D8805BA6671FF88FA5F44613DDA4DC7A85DE3CEC41CB40

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                  • String ID:
                                                  • API String ID: 1617910340-0
                                                  • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                  • Instruction ID: 86236c873a7d169ca885318009745872f3095ea8f493957e04aae75363a50714
                                                  • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                  • Instruction Fuzzy Hash: 04C19F37B28A45C6EB10CF69C4906AD3771FB49FA8B41222DDA1E9B794DF38E855C700

                                                  Control-flow Graph

                                                  APIs
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251BA
                                                    • Part of subcall function 00007FF685C24908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C2491C
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251CB
                                                    • Part of subcall function 00007FF685C248A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C248BC
                                                  • _get_daylight.LIBCMT ref: 00007FF685C251DC
                                                    • Part of subcall function 00007FF685C248D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C248EC
                                                    • Part of subcall function 00007FF685C19C58: HeapFree.KERNEL32(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C6E
                                                    • Part of subcall function 00007FF685C19C58: GetLastError.KERNEL32(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C78
                                                  • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF685C2541C), ref: 00007FF685C25203
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                  • API String ID: 3458911817-239921721
                                                  • Opcode ID: c5508bc63ced89b7e96ce891f343e42cb1356f84bc391250f2f4d752248c7e40
                                                  • Instruction ID: 00b6f24031a0040877e133be6b5f607549122e0b2ac8343fd7f8b2264987f940
                                                  • Opcode Fuzzy Hash: c5508bc63ced89b7e96ce891f343e42cb1356f84bc391250f2f4d752248c7e40
                                                  • Instruction Fuzzy Hash: B4511B37A18642C6E720DF21E8815AA7671BF48BA5F44613EDA4DC7A95DF3CE841CF40
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID:
                                                  • API String ID: 2295610775-0
                                                  • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                  • Instruction ID: 1c17b4fdc4b10956ef4ca49e422e176be7229b82a3a3e914d5c385cefa59c463
                                                  • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                  • Instruction Fuzzy Hash: 13F0A463A18641C6F7608B60F44836673A0BF44B38F04433ED96D426D4CF3CE458CE00

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _fread_nolock$Message
                                                  • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                  • API String ID: 677216364-3497178890
                                                  • Opcode ID: 35ecb335ea51856d2c4ba3a5b8941be69d2e3f44d34773facc26e79b75a298fb
                                                  • Instruction ID: 119fffceafd3767b07175ec80319a2a318aae023ceb92bbed4ee5209f7479110
                                                  • Opcode Fuzzy Hash: 35ecb335ea51856d2c4ba3a5b8941be69d2e3f44d34773facc26e79b75a298fb
                                                  • Instruction Fuzzy Hash: BD7183A3A18686C5EB20DB14D8502B963B0FF88FA4F44503ED98DC7699EF6CE944CF40

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                  • API String ID: 2030045667-3659356012
                                                  • Opcode ID: 6f52e494031d5ca2484d2f9d573e2a1dcf24fa62387402d5cbc9e3bb6a366fed
                                                  • Instruction ID: ca96806e3a7f35552c55dfd521283053a4ad9df1c3ff0f2d05e57a59cbcb7848
                                                  • Opcode Fuzzy Hash: 6f52e494031d5ca2484d2f9d573e2a1dcf24fa62387402d5cbc9e3bb6a366fed
                                                  • Instruction Fuzzy Hash: 8A416363B08642C1EA209B55E8405BAA7B0FF48FE4F54503EDE4D8BA95EE3CED45CB00

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CallDeallocDict_Err_MallocMem_MemoryObjectObject_Update
                                                  • String ID: X{}
                                                  • API String ID: 3334104440-2140212134
                                                  • Opcode ID: 993215c533787af24a8ddded9fa27fbbebaacf7f242f7e515d88610f26fd57d5
                                                  • Instruction ID: 8430ac69930f923abc92d7c7fd61d59c5e75826feab5eff59d71d167661c1ded
                                                  • Opcode Fuzzy Hash: 993215c533787af24a8ddded9fa27fbbebaacf7f242f7e515d88610f26fd57d5
                                                  • Instruction Fuzzy Hash: 1D315231A08F8289EB558B27A9442BC6390EF65BF0F5885B0DAAD637B5DF3CE4558304

                                                  Control-flow Graph

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                  • API String ID: 2030045667-2813020118
                                                  • Opcode ID: e496b0bcba3729b97d06f0e46ecf728c80844e1a155ab2c5c02d584ccd3a7d05
                                                  • Instruction ID: 27a8e88437428609cc757d8701d0ef7f7e11fb5f1d6ff42ec87538483df27bdf
                                                  • Opcode Fuzzy Hash: e496b0bcba3729b97d06f0e46ecf728c80844e1a155ab2c5c02d584ccd3a7d05
                                                  • Instruction Fuzzy Hash: E051B1A3A08642C5EA609B15E8403BAA6A1FF44FE4F44513EED4DC7BD5EE3CE941CB00

                                                  Control-flow Graph

                                                  APIs
                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF685C1E3BA,?,?,-00000018,00007FF685C1A063,?,?,?,00007FF685C19F5A,?,?,?,00007FF685C1524E), ref: 00007FF685C1E19C
                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF685C1E3BA,?,?,-00000018,00007FF685C1A063,?,?,?,00007FF685C19F5A,?,?,?,00007FF685C1524E), ref: 00007FF685C1E1A8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeLibraryProc
                                                  • String ID: api-ms-$ext-ms-
                                                  • API String ID: 3013587201-537541572
                                                  • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                  • Instruction ID: 3fd8a50dea5c03ef70429fabbad0518b27502ff97ab74fc3caaf9298f068c6fc
                                                  • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                  • Instruction Fuzzy Hash: 9A41B163B59602C2EA168F16E8006B526A2BF48FB4F59413EDD1DDB785EE3CEC05CB00

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
                                                  • Instruction ID: 4ee1dee7018902fa2e572b09b26f2d77ffd5104135d5330e9b3af2c4d30879fa
                                                  • Opcode Fuzzy Hash: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
                                                  • Instruction Fuzzy Hash: CEC1DC67A48686D1EA619B14D4402BE2BB4FF90FA4F65013DEA4E83791CE7CEC59CF40

                                                  Control-flow Graph

                                                  APIs
                                                  • GetModuleFileNameW.KERNEL32(?,00007FF685C03534), ref: 00007FF685C03411
                                                    • Part of subcall function 00007FF685C029E0: GetLastError.KERNEL32(?,?,?,00007FF685C0342E,?,00007FF685C03534), ref: 00007FF685C02A14
                                                    • Part of subcall function 00007FF685C029E0: FormatMessageW.KERNEL32(?,?,?,00007FF685C0342E), ref: 00007FF685C02A7D
                                                    • Part of subcall function 00007FF685C029E0: MessageBoxW.USER32 ref: 00007FF685C02ACF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message$ErrorFileFormatLastModuleName
                                                  • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                  • API String ID: 517058245-2863816727
                                                  • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                  • Instruction ID: 6d257f80c2eaf3a162cc82eea6d6bf1eb5a4298573f2fee9992252651122caa3
                                                  • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                  • Instruction Fuzzy Hash: 742162A3B18542D1FA619B26E8513B95670BF88FA4F80513FE65DC65E5EF2CE904CF00

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$__security_init_cookie
                                                  • String ID: PVv
                                                  • API String ID: 2222513578-3329939833
                                                  • Opcode ID: d32f32be829c345f8424b6e50172c33a4feb856c6a1ec6dc64b44a65f2bf0592
                                                  • Instruction ID: 4a3ef22f016662198b2e42e446b701b28ce5a61357c8e536500829f7b629e870
                                                  • Opcode Fuzzy Hash: d32f32be829c345f8424b6e50172c33a4feb856c6a1ec6dc64b44a65f2bf0592
                                                  • Instruction Fuzzy Hash: CE516B20F0F64352FA58BB6599515B92185EF4A7B0F1C4238DB2E067FFDF6CB8408612
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight$_isindst
                                                  • String ID:
                                                  • API String ID: 4170891091-0
                                                  • Opcode ID: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                  • Instruction ID: c77d141d596331b99ff133e1d699b9de1d7a213ca14cc6df87c158b894730e31
                                                  • Opcode Fuzzy Hash: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                  • Instruction Fuzzy Hash: 4551B073F44211CAEB14DF64D9556BC2AB1BF14BA9F50013EED1ED2AE5DF38A801CA00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                  • String ID:
                                                  • API String ID: 2780335769-0
                                                  • Opcode ID: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
                                                  • Instruction ID: 3f0c566863db62b8b41187bfe0188f3ada6683a7b5fb633fc2a555be8577569c
                                                  • Opcode Fuzzy Hash: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
                                                  • Instruction Fuzzy Hash: D7515A2BA48741CAEB14CF61D5903BD27B1BF48B68F10953DDE0987689DF78D881CB40
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 1279662727-0
                                                  • Opcode ID: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                  • Instruction ID: a27ac85e800d801248d2e52635f63c185f07af3ef9dcd21b223dfe874cd233a2
                                                  • Opcode Fuzzy Hash: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                  • Instruction Fuzzy Hash: 9F41B027D58782C3E3108B20D5903A96670FF94BB4F10933CE69983AD1DF6CA9A0CB40
                                                  APIs
                                                    • Part of subcall function 00007FFE0073DCF0: HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FFE007434C9,?,?,?,00007FFE007839B1,?,?,?,?,00007FFE007478EA,?,?,?), ref: 00007FFE0073DD38
                                                  • InitializeCriticalSectionAndSpinCount.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,00007FFE0074F39E,?,?,?,?,?,00007FFE0074F0A6), ref: 00007FFE00785B8C
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,00007FFE0074F39E,?,?,?,?,?,00007FFE0074F0A6), ref: 00007FFE00785BA2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressAllocCountCriticalHeapInitializeProcSectionSpin
                                                  • String ID: InitializeCriticalSectionEx
                                                  • API String ID: 1188775705-3084827643
                                                  • Opcode ID: d50c9835e02574957e0a21de02abdf2f731f597d5daf9e2beef02907001a061a
                                                  • Instruction ID: 4bfadb15da6f01e250854e10b8107d021231da5443cc0390f2705a3f27c8fefb
                                                  • Opcode Fuzzy Hash: d50c9835e02574957e0a21de02abdf2f731f597d5daf9e2beef02907001a061a
                                                  • Instruction Fuzzy Hash: 1E41C266B1AB8282EA15EB19D4106B937A0FB58760F484735DB6D477ECDF3CE816C300
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: __vcrt_initialize_locks__vcrt_initialize_winapi_thunks
                                                  • String ID: Pu$PVv
                                                  • API String ID: 2444027679-3203346620
                                                  • Opcode ID: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
                                                  • Instruction ID: 56d5ee33f021871eb4cd4d2232eb0f6494aeda1530add30a0ce460d62733697e
                                                  • Opcode Fuzzy Hash: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
                                                  • Instruction Fuzzy Hash: 4B114C21F4B64252FE66AB28E1003B86290EF04BA4F9C4636D76D467FDEF6CE941C710
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                  • String ID:
                                                  • API String ID: 3251591375-0
                                                  • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                  • Instruction ID: 9a76f7805ea0d0ec30b70d4ce094d79677f1c9a07d86cdbd713a479f5ddf6544
                                                  • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                  • Instruction Fuzzy Hash: 77313BA7A4D143C1FA54AB65D4513BAAA71BF45FA8F44403EEA0EC76D3DE2CAC05CE01
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                  • Instruction ID: 29af434844c0321fdbf9ca1e64e4c52822751a57e22e59f879ae1fded9439c67
                                                  • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                  • Instruction Fuzzy Hash: 27D06712F58706C6EA583B72D85917916317F5CF65B10243CD84A87397CD2CAC09CA40
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 8760811a46c694da2ce7fcb713cb8132a6e7826c56b7b9f56bdeeaa18c726bba
                                                  • Instruction ID: 298e6bad8371bbf5dd82d93d053009d39fbb946e304f69a5ecceef70cbf7fc1b
                                                  • Opcode Fuzzy Hash: 8760811a46c694da2ce7fcb713cb8132a6e7826c56b7b9f56bdeeaa18c726bba
                                                  • Instruction Fuzzy Hash: FD51B4A3B09242C6EA689E66D40067A66A1FF44FB4F18463EDD6D877D5CE3CDC81CE00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastPointer
                                                  • String ID:
                                                  • API String ID: 2976181284-0
                                                  • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                  • Instruction ID: 589fc8bd7648e270684f6ff4ec95dc29110db3d9536b26befb7ceac5426e882b
                                                  • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                  • Instruction Fuzzy Hash: BD119D62A08A81C1DA108B25E844169A775FF44FF8F545339EA7D877E9CE38D850CB00
                                                  APIs
                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF685C14B49), ref: 00007FF685C14C67
                                                  • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF685C14B49), ref: 00007FF685C14C7D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Time$System$FileLocalSpecific
                                                  • String ID:
                                                  • API String ID: 1707611234-0
                                                  • Opcode ID: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
                                                  • Instruction ID: 1546c17318075f67f75ac87eab987283d98dddbd65e6f3066bc4e2766c88a340
                                                  • Opcode Fuzzy Hash: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
                                                  • Instruction Fuzzy Hash: 32115B2260C702C1EA648B15E45113AABB0FF85BB5F50123EEAA9859E8EF2CD815DF00
                                                  APIs
                                                  • CloseHandle.KERNELBASE(?,?,?,00007FF685C19CE5,?,?,00000000,00007FF685C19D9A), ref: 00007FF685C19ED6
                                                  • GetLastError.KERNEL32(?,?,?,00007FF685C19CE5,?,?,00000000,00007FF685C19D9A), ref: 00007FF685C19EE0
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CloseErrorHandleLast
                                                  • String ID:
                                                  • API String ID: 918212764-0
                                                  • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                  • Instruction ID: 2e63f9e20ee5ccf2b4988315be725ac690537c9a675d47e58363e5d80218b33f
                                                  • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                  • Instruction Fuzzy Hash: 93216F23F58642C1EA949761E49037926B2BF84FB4F14523DDA2EC77D1CE6CAC45CB05
                                                  APIs
                                                  • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FFE007434C9,?,?,?,00007FFE007839B1,?,?,?,?,00007FFE007478EA,?,?,?), ref: 00007FFE0073DD38
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AllocHeap
                                                  • String ID:
                                                  • API String ID: 4292702814-0
                                                  • Opcode ID: 27d2ecc8a82d26b6ee3a94a029cf6d96569e999f53c42dbd91e108040fe652f2
                                                  • Instruction ID: 2376a300720842bcf99f3fdfb52a4b65e0cca714e11ce14bce88458f2925be40
                                                  • Opcode Fuzzy Hash: 27d2ecc8a82d26b6ee3a94a029cf6d96569e999f53c42dbd91e108040fe652f2
                                                  • Instruction Fuzzy Hash: E911C221B1B74385FEA4AB55A8106B56290AF89F90F4C9234DB1E4B3FEDF2CF4508750
                                                  APIs
                                                  • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074C80C), ref: 00007FFE0074C9C4
                                                  • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074C80C), ref: 00007FFE0074CA19
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave
                                                  • String ID:
                                                  • API String ID: 3168844106-0
                                                  • Opcode ID: 0291edbe3082b304451f4ed1c39b7bd1e6a79d51fcd4033be8e3744c9ea70ef5
                                                  • Instruction ID: af076c538694cecdc8759eedbea4563be3a150457e06990e4dd706265afa45d3
                                                  • Opcode Fuzzy Hash: 0291edbe3082b304451f4ed1c39b7bd1e6a79d51fcd4033be8e3744c9ea70ef5
                                                  • Instruction Fuzzy Hash: 5F116D32A0B68682F351EF14E84057A67A4FB54790F480131DB4E937BEDF3CE8528B40
                                                  APIs
                                                  • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FFE0074C7FD
                                                    • Part of subcall function 00007FFE0074C998: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074C80C), ref: 00007FFE0074C9C4
                                                    • Part of subcall function 00007FFE0074C998: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074C80C), ref: 00007FFE0074CA19
                                                  • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FFE0074C823
                                                    • Part of subcall function 00007FFE0074C93C: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE0074C95C
                                                    • Part of subcall function 00007FFE0074C838: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FFE0074C89A
                                                    • Part of subcall function 00007FFE0074C838: GetFileType.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FFE0074C8B0
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$FileHandleInfoStartupType
                                                  • String ID:
                                                  • API String ID: 2762830733-0
                                                  • Opcode ID: ec87571a4dd4f9888bb3e403b7d3050c44f51055bcf036c43b695e8927277bbf
                                                  • Instruction ID: 3b5773cca43cfa73824e1c8d0f07df3e312b063fd45d9c31c56ca0b2339b2368
                                                  • Opcode Fuzzy Hash: ec87571a4dd4f9888bb3e403b7d3050c44f51055bcf036c43b695e8927277bbf
                                                  • Instruction Fuzzy Hash: 2DE0EC51E4B54696FAA5BBB098510F81354EF6D321F881035CB4E817FADF2CB49A8B21
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                  • Instruction ID: 49428d7104adbb6770d30593cd6d987dbd12e9b45f592b75637dd484ba816295
                                                  • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                  • Instruction Fuzzy Hash: 9A41BB33948205C7EA649A19E54127D7BB5FF56FA8F14113DEA8AC7690CF2CE802CF51
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _fread_nolock
                                                  • String ID:
                                                  • API String ID: 840049012-0
                                                  • Opcode ID: a0f762802b007f79df3f5188bfeabeb6c0338d12f38915015ea771c39cfbc038
                                                  • Instruction ID: 2f0c755e2a7434919bf1750fc6c55f85f2ac51c5a9b1b780c07c3bce4a546510
                                                  • Opcode Fuzzy Hash: a0f762802b007f79df3f5188bfeabeb6c0338d12f38915015ea771c39cfbc038
                                                  • Instruction Fuzzy Hash: 4B21D662B08291D5FE159B1AE9043BAA6B1BF95FE4F88443DDD0C87782DE7DE845CB00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                  • Instruction ID: 6f4b49da6357470dffc360e95eb2f64cfe86364c7a2112de612baf02621fd2c3
                                                  • Opcode Fuzzy Hash: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                  • Instruction Fuzzy Hash: AB316927A58652C6E711AB15D8813BD2670BF50FB1F95023DEA2D833D2CEBDAC41CB91
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                  • String ID:
                                                  • API String ID: 3947729631-0
                                                  • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                  • Instruction ID: db67f43ab266f5764dfba35a8bececfea15e994c4b821282beb1880faedb5b18
                                                  • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                  • Instruction Fuzzy Hash: 5B216932A19706CAEB649F65C4502AC37B0FB44B28F54463ED62C86AD5EF38D985CB50
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                  • Instruction ID: b8c45776e6fbfd16dd9274ca7539c34266576bea503d9550fa88972a0f2e1603
                                                  • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                  • Instruction Fuzzy Hash: 5E118C23A5C682C6EA619F51D40027EA2B4BF95FA0F54403DEA4C9BA96DF3CEC40CF41
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                  • Instruction ID: ed5f56d222a070e2bee984f0db5fa268f9d098665b3a2b891f8968d193d7e4ff
                                                  • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                  • Instruction Fuzzy Hash: FF212C73A18682C6DB618A18D48036A76B0BF98FA5F54523CD65D8A699DF38D800CB00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                  • Instruction ID: d29315bd370260f0e6dcb363e3db3e04fbc0fb4978b9e0841d02dfa53b72696b
                                                  • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                  • Instruction Fuzzy Hash: 7B01C866A08742C0E944DB56D900079A6B5BF55FF0F48463DDE5C93BD6DE7CD882CB00
                                                  APIs
                                                    • Part of subcall function 00007FF685C086B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF685C03FA4,00000000,00007FF685C01925), ref: 00007FF685C086E9
                                                  • LoadLibraryExW.KERNELBASE(?,00007FF685C05C06,?,00007FF685C0308E), ref: 00007FF685C081C2
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ByteCharLibraryLoadMultiWide
                                                  • String ID:
                                                  • API String ID: 2592636585-0
                                                  • Opcode ID: 637d93bcaba6b3ef3808867d80487fbb7a80e425bc13fea3da321eb74d5281f1
                                                  • Instruction ID: ade928f179f8a98358a6e46aee78a08b6cc07adf0d3534b3718cca1325558c94
                                                  • Opcode Fuzzy Hash: 637d93bcaba6b3ef3808867d80487fbb7a80e425bc13fea3da321eb74d5281f1
                                                  • Instruction Fuzzy Hash: 6AD08C02B24641C1EA44AB67AA465795561AF8AFD0E58903DEE1C47B46DC3CD4808F00
                                                  APIs
                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF685C0FFB0,?,?,?,00007FF685C1161A,?,?,?,?,?,00007FF685C12E09), ref: 00007FF685C1C94A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AllocHeap
                                                  • String ID:
                                                  • API String ID: 4292702814-0
                                                  • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                  • Instruction ID: d7200333d4d5893f32aa5ba786296e70b518b0f558e4100252bb0f2849e07d9f
                                                  • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                  • Instruction Fuzzy Hash: ACF05803F98287C5FE6466B1D85127916A07F88FB0F08563CE82FC62C1DE2CAC41C994
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: AppPolicyGetThreadInitializationType$AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID$RoInitialize
                                                  • API String ID: 0-3669283627
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast
                                                  • String ID: FlsGetValue$LCMapStringEx
                                                  • API String ID: 1452528299-552164261
                                                  APIs
                                                  • FindFirstFileW.KERNEL32(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07A1B
                                                  • RemoveDirectoryW.KERNEL32(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07A9E
                                                  • DeleteFileW.KERNEL32(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07ABD
                                                  • FindNextFileW.KERNEL32(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07ACB
                                                  • FindClose.KERNEL32(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07ADC
                                                  • RemoveDirectoryW.KERNEL32(?,00007FF685C07EF9,00007FF685C039E6), ref: 00007FF685C07AE5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                  • String ID: %s\*
                                                  • API String ID: 1057558799-766152087
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 1239891234-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 1239891234-0
                                                  APIs
                                                  • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,00000002,00007FFE0079FC3E,?,?,?,00000000,?,00000092,?), ref: 00007FFE0079F915
                                                  • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,00000002,00007FFE0079FC3E,?,?,?,00000000,?,00000092,?), ref: 00007FFE0079F959
                                                  • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,00000002,00007FFE0079FC3E,?,?,?,00000000,?,00000092,?), ref: 00007FFE0079F96F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: InfoLocale
                                                  • String ID: ACP$OCP
                                                  • API String ID: 2299586839-711371036
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastWrite$ConsoleOutput
                                                  • String ID:
                                                  • API String ID: 1443284424-0
                                                  APIs
                                                    • Part of subcall function 00007FFE00742FE0: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE007A2851), ref: 00007FFE00742FEA
                                                    • Part of subcall function 00007FFE00742FE0: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE007A2851), ref: 00007FFE00743030
                                                    • Part of subcall function 00007FFE00742FE0: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE007A2851), ref: 00007FFE00743083
                                                  • GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00000000,?,00000092,?), ref: 00007FFE0079FC10
                                                  • IsValidCodePage.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00000000,?,00000092,?), ref: 00007FFE0079FC4B
                                                  • IsValidLocale.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00000000,?,00000092,?), ref: 00007FFE0079FC65
                                                  • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00000000,?,00000092,?), ref: 00007FFE0079FCB2
                                                  • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00000000,?,00000092,?), ref: 00007FFE0079FCD1
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastLocale$InfoValid$CodeDefaultPageUser
                                                  • String ID:
                                                  • API String ID: 1491647067-0
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,00007FFE00731679), ref: 00007FFE0074DCBF
                                                  • GetLocaleInfoW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,00007FFE00731679), ref: 00007FFE00785F1E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressInfoLocaleProc
                                                  • String ID: GetLocaleInfoEx$IsValidLocaleName
                                                  • API String ID: 2353564440-3594675595
                                                  APIs
                                                  • IsDebuggerPresent.API-MS-WIN-CORE-DEBUG-L1-1-0(?,?,00000000,00007FFE0077A37B,?,?,?,?,00007FFE0077A2D6,?,?,?,?,00007FFE00780F02), ref: 00007FFE0077A18D
                                                  • SetUnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE0077A37B,?,?,?,?,00007FFE0077A2D6,?,?,?,?,00007FFE00780F02), ref: 00007FFE0077A1A5
                                                  • UnhandledExceptionFilter.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE0077A37B,?,?,?,?,00007FFE0077A2D6,?,?,?,?,00007FFE00780F02), ref: 00007FFE0077A1AE
                                                  • GetCurrentProcess.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00007FFE0077A37B,?,?,?,?,00007FFE0077A2D6,?,?,?,?,00007FFE00780F02), ref: 00007FFE0077A1C7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$CurrentDebuggerPresentProcess
                                                  • String ID:
                                                  • API String ID: 2506494423-0
                                                  APIs
                                                  • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00007FFE00731718), ref: 00007FFE0079D30C
                                                  • EnumSystemLocalesW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,00000000,?,00007FFE00731718), ref: 00007FFE0079D345
                                                  • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00007FFE00731718), ref: 00007FFE0079D366
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterEnumLeaveLocalesSystem
                                                  • String ID:
                                                  • API String ID: 2886288447-0
                                                  APIs
                                                    • Part of subcall function 00007FFE00742FE0: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE007A2851), ref: 00007FFE00742FEA
                                                    • Part of subcall function 00007FFE00742FE0: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE007A2851), ref: 00007FFE00743030
                                                  • GetPrimaryLen.LIBCMT ref: 00007FFE0079F42D
                                                  • EnumSystemLocalesW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,00000040,00007FFE0079FBE3,?,?,?,00000000,?,00000092,?,?,?,00007FFE0078202E), ref: 00007FFE0079F442
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$EnumLocalesPrimarySystem
                                                  • String ID:
                                                  • API String ID: 1794546269-0
                                                  APIs
                                                  • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,00000020,00007FFE1331016E,?,?,00000000,00007FFE1330D3C1), ref: 00007FFE133101B9
                                                  • VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,00000020,00007FFE1331016E,?,?,00000000,00007FFE1330D3C1), ref: 00007FFE133101F7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AllocInfoSystemVirtual
                                                  • String ID:
                                                  • API String ID: 3440192736-0
                                                  APIs
                                                    • Part of subcall function 00007FFE00742FE0: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE007A2851), ref: 00007FFE00742FEA
                                                    • Part of subcall function 00007FFE00742FE0: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE007A2851), ref: 00007FFE00743030
                                                  • GetPrimaryLen.LIBCMT ref: 00007FFE0079F4BC
                                                  • EnumSystemLocalesW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,00000002,00007FFE0079FB62,?,?,?,00000000,?,00000092,?,?,?,00007FFE0078202E), ref: 00007FFE0079F4D4
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$EnumLocalesPrimarySystem
                                                  • String ID:
                                                  • API String ID: 1794546269-0
                                                  • Opcode ID: 918e33f92e6cfffee02549a009de8ab1d619ca4aa561b61bbce5ed93a2346109
                                                  • Instruction ID: 8ccf03cdff32c32700b067d6b6c9690085dedbc04186ed398095bd052b8355e3
                                                  • Opcode Fuzzy Hash: 918e33f92e6cfffee02549a009de8ab1d619ca4aa561b61bbce5ed93a2346109
                                                  • Instruction Fuzzy Hash: E5F06863A095C142EB51AF65D4407BA77A1DB807A4F588231D73D873FEDE3C94918701
                                                  APIs
                                                    • Part of subcall function 00007FFE00742FE0: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE007A2851), ref: 00007FFE00742FEA
                                                    • Part of subcall function 00007FFE00742FE0: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE007A2851), ref: 00007FFE00743030
                                                  • EnumSystemLocalesW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,00000002,00007FFE0079FC07,?,?,?,00000000,?,00000092,?,?,?,00007FFE0078202E), ref: 00007FFE0079F3A3
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                  • String ID:
                                                  • API String ID: 2417226690-0
                                                  • Opcode ID: f0712430c06e6bc3b3a0938eaa0402bd87424cfcfc7a1c73fa6ecc90391848c0
                                                  • Instruction ID: 80e1d083385078b771bc26ac40dd1357719d5cd00eaf4dcc44584085f06bf07c
                                                  • Opcode Fuzzy Hash: f0712430c06e6bc3b3a0938eaa0402bd87424cfcfc7a1c73fa6ecc90391848c0
                                                  • Instruction Fuzzy Hash: 65F05462A0578541DB11AB65E5403A9B6A1EB55BB0F588231D768837E9DE7C85918200
                                                  APIs
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C050C0
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C05101
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C05126
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C0514B
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C05173
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C0519B
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C051C3
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C051EB
                                                  • GetProcAddress.KERNEL32(?,00007FF685C05C57,?,00007FF685C0308E), ref: 00007FF685C05213
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressProc
                                                  • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                  • API String ID: 190572456-2007157414
                                                  • Opcode ID: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                  • Instruction ID: 6b2d011394f4cf374c5fa66a8d1b09759aa92394237e186329706daf3bb4644b
                                                  • Opcode Fuzzy Hash: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                  • Instruction Fuzzy Hash: C3126CA690EB43E1FA55DB04E8541B427B0BF48F75B94643EC80E92360EF7CBD58DA81
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Module_$Object$ReadyType_$FromLong_$Long$Void$String$AttrConstantCreate2Dict_Err_Eval_ExceptionInitObject_Threads
                                                  • String ID: 1.1.0$ArgumentError$Array$CFuncPtr$COMError$FUNCFLAG_CDECL$FUNCFLAG_HRESULT$FUNCFLAG_PYTHONAPI$FUNCFLAG_STDCALL$FUNCFLAG_USE_ERRNO$FUNCFLAG_USE_LASTERROR$RTLD_GLOBAL$RTLD_LOCAL$Structure$Union$_Pointer$_SimpleCData$__version__$_cast_addr$_memmove_addr$_memset_addr$_pointer_type_cache$_string_at_addr$_unpickle$_wstring_at_addr$ctypes.ArgumentError
                                                  • API String ID: 3442687775-1788694816
                                                  • Opcode ID: 235d13ddb48b033c33f909457e56df7ea6feaa1f91be6b705772f14ac1ed0c23
                                                  • Instruction ID: 444c07c674b000fa3b7635b7c45a5a32c68270a718af80f4bb9273855ef7eb83
                                                  • Opcode Fuzzy Hash: 235d13ddb48b033c33f909457e56df7ea6feaa1f91be6b705772f14ac1ed0c23
                                                  • Instruction Fuzzy Hash: 3DF1BF60E09F07DAFB009B53FC544B467A4BF64BA5B4401B5C92EA6672DFBCE14AC348
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressProc
                                                  • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                  • API String ID: 190572456-3427451314
                                                  • Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                  • Instruction ID: 495a8b29e4e8fd782e30011de3481df974f1fd00bfc1abf86d7665a699aa0684
                                                  • Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                  • Instruction Fuzzy Hash: 5EE179AA909B03D0FA55DF55E8501B423B5BF58F74F94207EC81E822A4EF7CBD89CA41
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+Name::operator+=$Decorator::getName$Name::Name::operator=$Name::doPchar$DimensionSigned$DataDecoratedEncodingStringSymbolType
                                                  • String ID: `anonymous namespace'$`string'$operator
                                                  • API String ID: 2020783597-815891235
                                                  • Opcode ID: 3c21f6e1fc1565ac1cfb2fd5206cc140514e7d7df8721337382753e13a86550f
                                                  • Instruction ID: 06d49da31c8592bee32293978253bd58512021b68052d4821b85e7bcc9921072
                                                  • Opcode Fuzzy Hash: 3c21f6e1fc1565ac1cfb2fd5206cc140514e7d7df8721337382753e13a86550f
                                                  • Instruction Fuzzy Hash: E3225962B1AE6688FB16EB64D8942FC2761BB047C8F984036DB0D177BEDE6CE545C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Name::operator=$Name::operator+Name::operator+=$Decorator::getNameName::Type$DataName::doPchar
                                                  • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $bool$char$char16_t$char32_t$const$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
                                                  • API String ID: 1480303775-3737837666
                                                  • Opcode ID: 1927567a377c84a443f6970d25b003a49c416ab76026ca8221145af2a49d523a
                                                  • Instruction ID: 3f1932f8f9fd2d54011ada562378a5f12eab781aab7dfb66c62fd2f3083fae76
                                                  • Opcode Fuzzy Hash: 1927567a377c84a443f6970d25b003a49c416ab76026ca8221145af2a49d523a
                                                  • Instruction Fuzzy Hash: D1D12AA2F1AA5294FB62EB54D8802BC2370AF04784F584532DB1D567FDDF7CEA44A311
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$Err_$ErrorLast_errno$PrintSequence_SubtypeTraceback_Type_$CallEnsureItemObjectObject_SizeState_StringTuple_UnraisableWarnWritememcpy
                                                  • String ID: 'calling callback function'$'converting callback result'$BUG: PySequence_Length$Getting argument converter %zd$Parsing argument %zd$PyTuple_New()$_ctypes/callbacks.c$cannot build parameter$create argument %zd:$memory leak in callback function.$unexpected result of create argument %zd:
                                                  • API String ID: 2971030404-3802182047
                                                  • Opcode ID: 0aa29b0aaa687eea33acd6fbe9c5e9b6305f8cda3c497f36fd0c068cfe219f4a
                                                  • Instruction ID: 3a3bb26aaccf36251f0d4347a156e0800a9079cb7688a2e6f599ffed8a7a8c60
                                                  • Opcode Fuzzy Hash: 0aa29b0aaa687eea33acd6fbe9c5e9b6305f8cda3c497f36fd0c068cfe219f4a
                                                  • Instruction Fuzzy Hash: 78B11E21E09F42CAEA649B17E8582BD63A0BF65BB4F4440B5C96E277B5DF3CE445C308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Decorator::get$Name::operator+=$DimensionSigned$Name$Name::operator+$DecoratedName::$DataName::doName::getPcharStringType
                                                  • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-
                                                  • API String ID: 283215372-4167119577
                                                  • Opcode ID: 12bb7d13e92f06a6bf447f779c0ee1e92f81f505711a6c6b54402271d41620aa
                                                  • Instruction ID: 1697ad03814b4ca7bdb772d1b1f0f7c43eda8eb104bc76d19c6ffc10b437cc51
                                                  • Opcode Fuzzy Hash: 12bb7d13e92f06a6bf447f779c0ee1e92f81f505711a6c6b54402271d41620aa
                                                  • Instruction Fuzzy Hash: 91B14F62F0EA4284FB1ABB64D4442FC2761AF55788F980036CB0D577BEDE2CE50AC351
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+$Decorator::get$DataIndirectNameName::Name::doName::operator+=PcharScopeType
                                                  • String ID:
                                                  • API String ID: 3173522582-0
                                                  • Opcode ID: 5d5f78a55cbb505edb1646c940a8ce2b9e8aeb4b195174f4d175174c9cb5d7f9
                                                  • Instruction ID: c60df9c9bbbed622340d68e4dd7b4bf2018fa0c45b7a16f19e27f5e09c7e5162
                                                  • Opcode Fuzzy Hash: 5d5f78a55cbb505edb1646c940a8ce2b9e8aeb4b195174f4d175174c9cb5d7f9
                                                  • Instruction Fuzzy Hash: 44F15876A0AA829AE712EF64D4801EC37B1FB0478CB484036DB4D57BAEDE7CD519C790
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Object_$AttrDeallocString$Err_$Format$CallDict_LookupMallocMem_ObjectOccurredSizeUnicode_Updatestrchr
                                                  • String ID: __ctype_be__$__ctype_le__$_type_ '%s' not supported$cbBhHiIlLdfuzZqQPXOv?g$class must define a '_type_' attribute$class must define a '_type_' attribute which must bea single character string containing one of '%s'.$class must define a '_type_' attribute which must be a string of length 1$class must define a '_type_' string attribute
                                                  • API String ID: 1562115708-917751260
                                                  • Opcode ID: 174102951eecfc0f4f4755dec21c1f3a16aa2c386703cc42a1da506657b2ea6b
                                                  • Instruction ID: 944ac1e8739e5a895b6ac23a559d6d507fc1679c231faced79574ba905f34e99
                                                  • Opcode Fuzzy Hash: 174102951eecfc0f4f4755dec21c1f3a16aa2c386703cc42a1da506657b2ea6b
                                                  • Instruction Fuzzy Hash: 8AA12A21E09F42C9EA558F27E8442BD63A0FB65BA0F4881B1DE6E62775DF3CE445C348
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$Err_$Object_String$AttrDict_Long_LookupMallocMem_$CallDescr_ExceptionItemMatchesMemoryObjectOccurredSignSsize_tUpdate
                                                  • String ID: The '_length_' attribute is too large$The '_length_' attribute must be an integer$The '_length_' attribute must not be negative$_type_ must have storage info$array too large$class must define a '_length_' attribute$class must define a '_type_' attribute
                                                  • API String ID: 1094985414-504660705
                                                  • Opcode ID: 618371b017bfb42e6c387fd73ed1a77009a15e34f6dbbb0f99ccff6f8b3ed9d2
                                                  • Instruction ID: 5af2968d0c67dbf113bf94522ef9140192119e59813b6a9f2f8ceb5103c9d08d
                                                  • Opcode Fuzzy Hash: 618371b017bfb42e6c387fd73ed1a77009a15e34f6dbbb0f99ccff6f8b3ed9d2
                                                  • Instruction Fuzzy Hash: 0AA12C21E09E46C9EA948F27D8842BD23A4EF64BB4F0446B1D97E666B5DF3CE445C308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$FromLong_$Err_Void$Object_StringUnraisableWrite$ArgsAttrBlockCallFunctionImportImport_InternLongModuleOccurredUnicode_
                                                  • String ID: DllGetClassObject$_ctypes.DllGetClassObject$ctypes
                                                  • API String ID: 3128317949-177550262
                                                  • Opcode ID: 99bdcf459ac8af5bcc7a0db9776d141a5a270aa91500dbaaf312ce4d3d78e8c4
                                                  • Instruction ID: c01a689982a51f8d9bacf35c94c3cfef8e5acef9431b47de90220e0c6b7c2c67
                                                  • Opcode Fuzzy Hash: 99bdcf459ac8af5bcc7a0db9776d141a5a270aa91500dbaaf312ce4d3d78e8c4
                                                  • Instruction Fuzzy Hash: A051FE21E09F42C9EF549F23A9582B963A0AF65FB0F0841B4CD2E6B775DF7DA4458308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$DeallocString$FormatItemSubtypeTuple_Type_
                                                  • String ID: COM method call without VTable$Expected a COM this pointer as first argument$NULL COM pointer access$native com method call without 'this' parameter$this function takes %d argument%s (%d given)$this function takes at least %d argument%s (%d given)
                                                  • API String ID: 3243083996-1981512665
                                                  • Opcode ID: dacd0b13c9e80698b11dd7f487c8c4109035449e1944ff7af2743ef586600601
                                                  • Instruction ID: e623c513b959995c6bbed93d8ee6ae3f05fa82553b896383dd0ef14f32092ee8
                                                  • Opcode Fuzzy Hash: dacd0b13c9e80698b11dd7f487c8c4109035449e1944ff7af2743ef586600601
                                                  • Instruction Fuzzy Hash: 2DC18C32A09F42C9EA54CB17948427D67A0FBA4BB4F0440B5EA6E6B774DF3CE445C708
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$FromNumber_OccurredSsize_tString$Mem_Unicode_$Bytes_CharMallocSizeWide$FreeList_Memory
                                                  • String ID: Pointer indices must be integer$slice start is required for step < 0$slice step cannot be zero$slice stop is required
                                                  • API String ID: 869507174-3059441807
                                                  • Opcode ID: 70b66605ccd097e78c16a38ef12c19642d171d9870e87ce71708b90003173da8
                                                  • Instruction ID: 7ec133fcda29511ae16f32b3e612d9663d22f5515b1da0adca5b5e1adab140bd
                                                  • Opcode Fuzzy Hash: 70b66605ccd097e78c16a38ef12c19642d171d9870e87ce71708b90003173da8
                                                  • Instruction Fuzzy Hash: 51A15B21F09E42C9FA549B17E64417C63A1AF64FF0B0487B1C97E67BF6DE2CE4469208
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$Dealloc$String$Arg_Eval_FormatParseSizeThreadTuple_$AddressAttrAuditLong_Object_OccurredProcRestoreSaveSequence_Sys_TupleVoid
                                                  • String ID: O&O;illegal func_spec argument$O|O$_handle$could not convert the _handle attribute to a pointer$ctypes.dlsym$function '%s' not found$function ordinal %d not found$the _handle attribute of the second argument must be an integer
                                                  • API String ID: 247295482-1088195083
                                                  • Opcode ID: c6efa2341e803b1a4695140a97f4be8c3672992cc7647cd23768f9356f60b82d
                                                  • Instruction ID: 6aa2272b83df0cfc4a8b336206b4213f3323b454a2b06c8ce8a1fe3f934c6e4f
                                                  • Opcode Fuzzy Hash: c6efa2341e803b1a4695140a97f4be8c3672992cc7647cd23768f9356f60b82d
                                                  • Instruction Fuzzy Hash: A7710721E09E46C8EB558F67D8401BC63A0BF68BA4B4445B1DE2EA77B9DF3CE445C318
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Mem_$CallDict_Err_FreeFunctionItemMallocObject_$DeallocErrorFromLong_OccurredStringUnicode_VoidWith
                                                  • String ID: LP_%s$_type_$must be a ctypes type$s(O){sO}$s(O){}
                                                  • API String ID: 2461613936-2311978994
                                                  • Opcode ID: b2117b3c44d5f46dd7f24c4b35abf2caf2fa320c46810db12cf49d07f67c91ee
                                                  • Instruction ID: 67882dd7623e3f3ab21fc32ddb60fd833ddf77707f7d0c5356436b321f14ce9c
                                                  • Opcode Fuzzy Hash: b2117b3c44d5f46dd7f24c4b35abf2caf2fa320c46810db12cf49d07f67c91ee
                                                  • Instruction Fuzzy Hash: 54514D21E18E47C9EA158B27A8041B823A4AF65FF5F1806B1C93E677B6DF3CE4458308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Bytes_Err_FromMem_SizeSlice_String$AdjustFreeIndicesMallocMemoryNumber_OccurredSsize_tUnpack
                                                  • String ID: indices must be integers
                                                  • API String ID: 1902650389-2024404580
                                                  • Opcode ID: 56fc218e470cc9290087d7e1a0b697a8edda5b0b6fe3fe085914f497f61d90d4
                                                  • Instruction ID: 1857462e5b707a873ba98461da5295ff5d63c52b9b5c0efd22da0973c14f1595
                                                  • Opcode Fuzzy Hash: 56fc218e470cc9290087d7e1a0b697a8edda5b0b6fe3fe085914f497f61d90d4
                                                  • Instruction Fuzzy Hash: 4F718822E09E42C9EB19CB2799441BC63A1EF65BF4B1441B1DD3E67BB9DE3DE4418308
                                                  APIs
                                                  • PyObject_GetAttrString.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE1331025F
                                                  • PySequence_Fast.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE1331027B
                                                  • _Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE1331028D
                                                  • PyArg_ParseTuple.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE133102E6
                                                  • PyObject_GetAttr.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE133102FD
                                                  • _Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE1331034A
                                                  • _Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE133103B6
                                                  • PyObject_SetAttr.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE133103C7
                                                  • _Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE133103DB
                                                  • _Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE133103F2
                                                  • _Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE1331040C
                                                  • _Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE1331041B
                                                  • PyErr_SetString.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE13310453
                                                  • _Py_Dealloc.PYTHON38(?,?,00000000,?,00000000,00000000,00000000,00007FFE13309018), ref: 00007FFE13310464
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$AttrObject_$String$Arg_Err_FastParseSequence_Tuple
                                                  • String ID: OO|O$_fields_$_fields_ must be a sequence$unexpected type
                                                  • API String ID: 1182381414-2418103425
                                                  • Opcode ID: bf701b0b9c5246edb51d4daac37b77ce33a136e741e7a5e3015aa40b30222fbb
                                                  • Instruction ID: 44734cee0b1ad177fd68d3bf6669fc807d5e39616562929a54724ad372f5362a
                                                  • Opcode Fuzzy Hash: bf701b0b9c5246edb51d4daac37b77ce33a136e741e7a5e3015aa40b30222fbb
                                                  • Instruction Fuzzy Hash: 1D613F32B09E06CAEA548B27E584179B3A0FB64BB0B044171DE6E63776DF3CE4959708
                                                  APIs
                                                  • PyUnicode_FromFormatV.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DC41
                                                  • PyErr_Fetch.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DC60
                                                  • PyErr_NormalizeException.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DC72
                                                  • PyObject_Str.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DC7C
                                                  • PyUnicode_AppendAndDel.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DC8E
                                                  • PyUnicode_FromString.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DC9B
                                                  • PyUnicode_AppendAndDel.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DCA8
                                                  • PyErr_Clear.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DCB7
                                                  • PyObject_Str.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DCC1
                                                  • PyErr_Clear.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DCCC
                                                  • PyUnicode_FromString.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DCD9
                                                  • PyUnicode_AppendAndDel.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DCE6
                                                  • PyErr_SetObject.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DCFB
                                                  • _Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DD10
                                                  • _Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DD25
                                                  • _Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DD3A
                                                  • _Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,?,00007FFE13308864), ref: 00007FFE1330DD4F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Unicode_$Err_$Dealloc$AppendFrom$ClearObject_String$ExceptionFetchFormatNormalizeObject
                                                  • String ID: ???
                                                  • API String ID: 2201921740-1053719742
                                                  • Opcode ID: ecb6db16fea7d3ec4b1d10a42f34de8fe402f80ec48bd489ff59f9729515affa
                                                  • Instruction ID: 84c45b6e6c20ef9043b2868b77cd42965ec82db6f0277a1799464b2e5572089d
                                                  • Opcode Fuzzy Hash: ecb6db16fea7d3ec4b1d10a42f34de8fe402f80ec48bd489ff59f9729515affa
                                                  • Instruction Fuzzy Hash: 6041FB32E09E02CDFF459B62E8581FC23B0BF64BA9F040475C92E62A79DE2CE545C358
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$Err_$Mem_$FormatFree$AttrItemMallocMemoryObject_Sequence_StringUnicode_
                                                  • String ID: %s:%s:$UO|i$bit fields not allowed for type %s$number of bits invalid for bit field
                                                  • API String ID: 3175293119-1978056028
                                                  • Opcode ID: bc37b6ce8a5a7c313a365d20831b984a8754113c41a18f45fcca063f25ce9297
                                                  • Instruction ID: 13bedc6ded18bc5d7bc65da0d8e22e720d51d77a7b1540b4a448d8d011eb2934
                                                  • Opcode Fuzzy Hash: bc37b6ce8a5a7c313a365d20831b984a8754113c41a18f45fcca063f25ce9297
                                                  • Instruction Fuzzy Hash: B9915932A09F42C9EB51CB26E4842AD67A4FB64BB4F540275EA6D637B4DF3CE445C308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err__errno$Eval_OccurredSaveStringThreadffi_callffi_prep_cif
                                                  • String ID: No ffi_type for result$ffi_prep_cif failed
                                                  • API String ID: 1950514379-2788394380
                                                  • Opcode ID: 6121417b7722ab025f39875993b7b3182431a5fc4bdece3938c3d3d366a2f58a
                                                  • Instruction ID: c126dd7838007edcb6c4c8417145e7dd2fbc6c6c4670610ed4966c1dbfb61727
                                                  • Opcode Fuzzy Hash: 6121417b7722ab025f39875993b7b3182431a5fc4bdece3938c3d3d366a2f58a
                                                  • Instruction Fuzzy Hash: 45511936A1CE82CAE6609F12E4441BE7760FBA8BA4F005175DA6E27775CF3CE804C708
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$String$DeallocEval_Thread$AddressArg_AttrFormatLong_Object_OccurredParseProcRestoreSaveSizeTuple_Void
                                                  • String ID: Os:in_dll$_handle$could not convert the _handle attribute to a pointer$symbol '%s' not found$the _handle attribute of the second argument must be an integer
                                                  • API String ID: 3341457601-4011516582
                                                  • Opcode ID: b1682e2fe6b9403d153e33361adfdb6ece592f2eab746c08e332a8cb71686b83
                                                  • Instruction ID: 91085b1346f3ca8d98600b850f3b0665ae62d587437d62aa15b34bd59085de34
                                                  • Opcode Fuzzy Hash: b1682e2fe6b9403d153e33361adfdb6ece592f2eab746c08e332a8cb71686b83
                                                  • Instruction Fuzzy Hash: CA311021F08E42C9FB548B27E8441B963A1BFA8FE1B5841B1D93E67775DE6CE446C308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Bytes_String
                                                  • String ID: Don't know how to convert parameter %d$_ctypes pymem$int too long to convert
                                                  • API String ID: 338066286-4137960972
                                                  • Opcode ID: 33638274120b6691e25a71324b87940aeb91d1c20ca3e18fdcd3bc5151672ed0
                                                  • Instruction ID: 880ca8e30e3efe3b30bad6e3c07a30e9509c9adbe2eadd658c46ba95c121c2bb
                                                  • Opcode Fuzzy Hash: 33638274120b6691e25a71324b87940aeb91d1c20ca3e18fdcd3bc5151672ed0
                                                  • Instruction Fuzzy Hash: 4D614A32A09F42C9EB008F26E44017D23A4FB68BB4B4845B1CA6EA3779DF3CE455C348
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: DeallocDict_$CallErr_ErrorFromFunction_ItemLong_Object_OccurredPackSizeSsize_tTuple_With
                                                  • String ID: %.200s_Array_%Id$Array length must be >= 0, not %zd$Expected a type object$_length_$_type_$s(O){s:n,s:O}
                                                  • API String ID: 2975079148-1488966637
                                                  • Opcode ID: ea3da00a8fa99686a37871fc0586e0d07918280253ef6fcdb7a7c757238627c5
                                                  • Instruction ID: 2fb6e848bee120900d7f9a6180d0987ad42ef9119c5c5be2f3c3975e60f2799b
                                                  • Opcode Fuzzy Hash: ea3da00a8fa99686a37871fc0586e0d07918280253ef6fcdb7a7c757238627c5
                                                  • Instruction Fuzzy Hash: B5514C25E09E42CCFA558B53E9542BD63A0AFA4BE4F0445B1DA2E6B775EF3CE0458308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Capsule_$Dict_Err_ItemMem_String$DeallocDictErrorFreeFromInternMallocOccurredPointerState_ThreadUnicode_ValidWith
                                                  • String ID: _ctypes pymem$cannot get thread state$ctypes.error_object$ctypes.error_object is an invalid capsule
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Object_$DeallocErr_$AttrCallCheckClearInstanceLookupRecursiveState_StringThreadUnicode_
                                                  • String ID: abstract class$while processing _as_parameter_$wrong type
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Decorator::getNameReplicator::operator+=Template
                                                  • String ID: generic-type-$template-parameter-
                                                  APIs
                                                  • PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FFE1330AE0F,?,?,?,?,00007FFE13309799,?), ref: 00007FFE1330B72D
                                                  • PyObject_CallObject.PYTHON38 ref: 00007FFE1330B767
                                                    • Part of subcall function 00007FFE1330B6E8: _Py_Dealloc.PYTHON38 ref: 00007FFE1330B7D2
                                                    • Part of subcall function 00007FFE1330B6E8: PyType_IsSubtype.PYTHON38 ref: 00007FFE1330B7F6
                                                    • Part of subcall function 00007FFE1330B6E8: PyErr_Format.PYTHON38(?,?,?,?,?,00007FFE1330AE0F,?,?,?,?,00007FFE13309799,?), ref: 00007FFE1330B83C
                                                    • Part of subcall function 00007FFE1330B6E8: PyObject_IsInstance.PYTHON38(?,?,?,?,?,00007FFE1330AE0F,?,?,?,?,00007FFE13309799,?), ref: 00007FFE1330B84D
                                                    • Part of subcall function 00007FFE1330B6E8: memcpy.VCRUNTIME140(?,?,?,?,?,00007FFE1330AE0F,?,?,?,?,00007FFE13309799,?), ref: 00007FFE1330B86E
                                                    • Part of subcall function 00007FFE1330B6E8: PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FFE1330AE0F,?,?,?,?,00007FFE13309799,?), ref: 00007FFE1330B883
                                                    • Part of subcall function 00007FFE1330B6E8: PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FFE1330AE0F,?,?,?,?,00007FFE13309799,?), ref: 00007FFE1330B8BF
                                                    • Part of subcall function 00007FFE1330B6E8: PyType_IsSubtype.PYTHON38(?,?,?,?,?,00007FFE1330AE0F,?,?,?,?,00007FFE13309799,?), ref: 00007FFE1330B8D9
                                                    • Part of subcall function 00007FFE1330B6E8: PyTuple_Pack.PYTHON38(?,?,?,?,?,00007FFE1330AE0F,?,?,?,?,00007FFE13309799,?), ref: 00007FFE1330B94A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: SubtypeType_$Object_$CallDeallocErr_FormatInstanceObjectPackTuple_memcpy
                                                  • String ID: (%s) $expected %s instance, got %s$incompatible types, %s instance instead of %s instance
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: AttrObject_String$Arg_Dealloc$KeywordsParseSequence_SizeSliceTuple_
                                                  • String ID: OOO:COMError$args$details$hresult$text
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Err_$Dealloc$StringUnraisableWrite$AttrBlockClearFromImportImport_InternLongLong_ModuleObject_OccurredUnicode_
                                                  • String ID: DllCanUnloadNow$_ctypes.DllCanUnloadNow$ctypes
                                                  APIs
                                                  • PyTuple_New.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FFE1330381F), ref: 00007FFE13308B32
                                                  • PyLong_AsUnsignedLongMask.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FFE1330381F), ref: 00007FFE13308BB4
                                                  • PyErr_Format.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FFE1330381F), ref: 00007FFE13308CCC
                                                  • _Py_Dealloc.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FFE1330381F), ref: 00007FFE13308CDD
                                                  • PyTuple_GetSlice.PYTHON38(?,?,?,?,?,?,?,00000000,?,00007FFE1330381F), ref: 00007FFE13308E38
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Tuple_$DeallocErr_FormatLongLong_MaskSliceUnsigned
                                                  • String ID: %s 'out' parameter must be passed as default value$NULL stgdict unexpected$call takes exactly %d arguments (%zd given)$paramflag %u not yet implemented
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: DeallocItem$Err_$Dict_ErrorOccurredSequence_With$AttrFormatObject_
                                                  • String ID: duplicate values for field %R
                                                  APIs
                                                    • Part of subcall function 00007FF685C086B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF685C03FA4,00000000,00007FF685C01925), ref: 00007FF685C086E9
                                                  • ExpandEnvironmentStringsW.KERNEL32(?,00007FF685C07C97,?,?,FFFFFFFF,00007FF685C03834), ref: 00007FF685C0782C
                                                    • Part of subcall function 00007FF685C026C0: MessageBoxW.USER32 ref: 00007FF685C02736
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  Similarity
                                                  • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                  • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Err_$String$Arg_Buffer_ContiguousDeallocFormatFromMemoryObjectParseSizeTuple_View_
                                                  • String ID: Buffer size too small (%zd instead of at least %zd bytes)$O|n:from_buffer$abstract class$offset cannot be negative$underlying buffer is not C contiguous$underlying buffer is not writable
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Err_$FormatMem_$Arg_MallocMemoryParseReallocStringTuplememcpymemset
                                                  • String ID: Memory cannot be resized because this object doesn't own it$On:resize$excepted ctypes instance$minimum size is %zd
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Err_Eval_FromThread$Arg_AuditErrorFormatLastLibraryLoadLong_ParseRestoreSaveSys_TupleUnicodeUnicode_VoidWindows
                                                  • String ID: Could not find module '%.500S'. Try using the full path with constructor syntax.$U|i:LoadLibrary$ctypes.dlopen
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Initialize__scrt_acquire_startup_lock__scrt_fastfail__scrt_release_startup_lock$__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_uninitialize_crt
                                                  • String ID:
                                                  • API String ID: 627783611-0
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: SubtypeType_$DeallocObject_$AttrErr_InstanceLookupStringUnicode_
                                                  • String ID: P$wrong type
                                                  • API String ID: 1377076302-281217272
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Free$String$Eval_Thread$BuildDeallocErr_ErrorFromInfoLocalObjectProgRestoreSaveValue
                                                  • String ID: iu(uuuiu)
                                                  • API String ID: 2817777535-1877708109
                                                  APIs
                                                  • PySequence_Size.PYTHON38(?,?,?,?,?,00007FFE1330748C), ref: 00007FFE1330D39B
                                                    • Part of subcall function 00007FFE1330C97C: _PyObject_GC_NewVar.PYTHON38(?,?,?,00007FFE1330D3AC,?,?,?,?,?,00007FFE1330748C), ref: 00007FFE1330C993
                                                    • Part of subcall function 00007FFE1330C97C: memset.VCRUNTIME140(?,?,?,00007FFE1330D3AC,?,?,?,?,?,00007FFE1330748C), ref: 00007FFE1330C9B5
                                                    • Part of subcall function 00007FFE1330C97C: memset.VCRUNTIME140 ref: 00007FFE1330C9EA
                                                    • Part of subcall function 00007FFE1330C97C: PyObject_GC_Track.PYTHON38 ref: 00007FFE1330C9F2
                                                  • PyErr_NoMemory.PYTHON38(?,?,?,?,?,00007FFE1330748C), ref: 00007FFE1330D3CA
                                                  • PySequence_GetItem.PYTHON38(?,?,?,?,?,00007FFE1330748C), ref: 00007FFE1330D3E9
                                                  • _Py_Dealloc.PYTHON38(?,?,?,?,?,00007FFE1330748C), ref: 00007FFE1330D40F
                                                  • ffi_prep_cif.LIBFFI-7 ref: 00007FFE1330D48D
                                                  • PyErr_Format.PYTHON38 ref: 00007FFE1330D4AB
                                                  • _Py_Dealloc.PYTHON38 ref: 00007FFE1330D514
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: DeallocErr_Object_Sequence_memset$FormatItemMemorySizeTrackffi_prep_cif
                                                  • String ID: ffi_prep_cif failed with %d$ffi_prep_closure failed with %d$invalid result type for callback function
                                                  • API String ID: 3883550313-3338905684
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$AttrObject_$FastLookupSequence_
                                                  • String ID: '%U' is specified in _anonymous_ but not in _fields_$_anonymous_ must be a sequence
                                                  • API String ID: 1391743325-2678605723
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$Dict_ErrorItemOccurredWith$AttrLookupObject_$Callable_CheckLongLong_MaskSequence_StringTupleTuple_Unsigned
                                                  • String ID: _restype_ must be a type, a callable, or None$class must define _flags_ which must be an integer
                                                  • API String ID: 3087875697-2538317290
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$Err_$AttrFormatLookupObject_OccurredSequence_StringTupleTuple_
                                                  • String ID: _argtypes_ must be a sequence of types$item %zd in _argtypes_ has no from_param method
                                                  • API String ID: 846282434-3063448601
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$Number_OccurredSsize_tString
                                                  • String ID: Array does not support item deletion$Can only assign sequence of same size$indices must be integer
                                                  • API String ID: 3815977620-3643249925
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$Buffer_ReleaseString$Arg_FormatParseSizeTuple_memcpy
                                                  • String ID: Buffer size too small (%zd instead of at least %zd bytes)$abstract class$offset cannot be negative$y*|n:from_buffer_copy
                                                  • API String ID: 1815618437-871501202
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$Unicode_$CallConcatDict_FromInternObjectObject_StringTuple_Update
                                                  • String ID: _be
                                                  • API String ID: 1673887913-4071763053
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                  • String ID: P%
                                                  • API String ID: 2147705588-2959514604
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: FromStringUnicode_
                                                  • String ID: <cparam '%c' (%I64d)>$<cparam '%c' (%d)>$<cparam '%c' (%f)>$<cparam '%c' (%ld)>$<cparam '%c' (%p)>$<cparam '%c' ('%c')>$<cparam '%c' ('\x%02x')>$<cparam '%c' at %p>$<cparam 0x%02x at %p>
                                                  • API String ID: 2818169177-1032293993
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$Arg_AttrDict_Err_FormatObject_ParseSizeStringTuple_Updatememcpy
                                                  • String ID: %.200s.__dict__ must be a dictionary, not %.200s$O!s#$__dict__
                                                  • API String ID: 111561578-4068157617
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc
                                                  • String ID:
                                                  • API String ID: 3617616757-0
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$ArgsCallErr_FunctionObject_Occurredffi_callffi_prep_cifmemset
                                                  • String ID: argument %zd:
                                                  • API String ID: 3446152234-2109984780
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CallFunctionObject_$ArgsDeallocFromLongLong_SubtypeTraceback_Type_
                                                  • String ID: GetResult$_ctypes/callproc.c
                                                  • API String ID: 276671208-4166898048
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$Arg_FormatParseSizeStringTuple_
                                                  • String ID: abstract class$i|ZO$paramflag value %d not supported$paramflags must be a sequence of (int [,string [,value]]) tuples$paramflags must be a tuple or None$paramflags must have the same length as argtypes
                                                  • API String ID: 3576850287-2768394740
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$CharStringUnicode_Wide$DeallocFormat
                                                  • String ID: can't delete attribute$string too long$unicode string expected instead of %s instance
                                                  • API String ID: 1407654538-1577475929
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: String$Free$Err_Mem_$AllocCharFormatUnicode_Wide
                                                  • String ID: String too long for BSTR$unicode string expected instead of %s instance
                                                  • API String ID: 920172908-178309214
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$DeallocString$Formatmemcpy
                                                  • String ID: byte string too long$bytes expected instead of %s instance$can't delete attribute
                                                  • API String ID: 1948958528-1866040848
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: -$:$f$p$p
                                                  • API String ID: 3215553584-2013873522
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: f$f$p$p$f
                                                  • API String ID: 3215553584-1325933183
                                                  APIs
                                                  • PyLong_AsVoidPtr.PYTHON38 ref: 00007FFE13301E9F
                                                    • Part of subcall function 00007FFE13302010: _PyArg_ParseTuple_SizeT.PYTHON38 ref: 00007FFE1330204C
                                                    • Part of subcall function 00007FFE13302010: PySequence_Tuple.PYTHON38 ref: 00007FFE1330206F
                                                    • Part of subcall function 00007FFE13302010: _PyArg_ParseTuple_SizeT.PYTHON38 ref: 00007FFE133020A0
                                                    • Part of subcall function 00007FFE13302010: PySys_Audit.PYTHON38 ref: 00007FFE133020D1
                                                    • Part of subcall function 00007FFE13302010: PyObject_GetAttrString.PYTHON38 ref: 00007FFE133020EA
                                                    • Part of subcall function 00007FFE13302010: PyLong_AsVoidPtr.PYTHON38 ref: 00007FFE13302113
                                                    • Part of subcall function 00007FFE13302010: PyErr_Occurred.PYTHON38 ref: 00007FFE13302126
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Arg_Long_ParseSizeTuple_Void$AttrAuditErr_Object_OccurredSequence_StringSys_Tuple
                                                  • String ID: argument must be callable or integer function address$cannot construct instance of this class: no argtypes
                                                  • API String ID: 4181388754-2742191083
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc
                                                  • String ID: wrong type
                                                  • API String ID: 3617616757-2191655096
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc
                                                  • String ID: wrong type
                                                  • API String ID: 3617616757-2191655096
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message
                                                  • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                  • API String ID: 2030045667-3659356012
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                  • String ID: CreateProcessW$Failed to create child process!
                                                  • API String ID: 2895956056-699529898
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: NameName::Name::operator+Name::operator+=$Decorator::getDimensionName::doPcharSigned
                                                  • String ID: `template-parameter$void
                                                  • API String ID: 1951524168-4057429177
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: InstanceObject_$Err_Format
                                                  • String ID: ???$expected %s instance instead of %s$expected %s instance instead of pointer to %s
                                                  • API String ID: 215623467-1082101171
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: DeallocObject_$Call$Arg_ArgsAttrMethodParseTuple
                                                  • String ID: OO!
                                                  • API String ID: 3617613968-3205451899
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$BuildDeallocFromLong_OccurredSsize_tStringTuple_Value
                                                  • String ID: not a ctypes type or object$siN
                                                  • API String ID: 1444022424-92050270
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Buffer_Err_ReleaseString$BufferObject_memcpy
                                                  • String ID: byte string too long$cannot delete attribute
                                                  • API String ID: 1128862751-688604938
                                                  APIs
                                                    • Part of subcall function 00007FFE0074F2D0: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074F0A6), ref: 00007FFE0074F2F0
                                                    • Part of subcall function 00007FFE0074F2D0: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074F0A6), ref: 00007FFE0074F346
                                                    • Part of subcall function 00007FFE0074F2D0: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074F0A6), ref: 00007FFE0074F3EB
                                                  • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FFE0074F105
                                                  • GetFileType.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FFE0074F123
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE0074F2B4
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE00786450
                                                  • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FFE00786483
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterErrorFileLast$CloseCreateHandleLeaveType
                                                  • String ID:
                                                  • API String ID: 3788438030-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Mem_$Dealloc$FreeMalloc$memcpy$Err_Memory
                                                  • String ID:
                                                  • API String ID: 1239232669-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: DeallocDict_$Err_ErrorItemObject_OccurredWith$AttrCallMakeUpdate
                                                  • String ID:
                                                  • API String ID: 3530831742-0
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 849930591-393685449
                                                  APIs
                                                    • Part of subcall function 00007FFE00743440: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE007839B1,?,?,?,?,00007FFE007478EA,?,?,?,00007FFE0074AC33,?,?,?), ref: 00007FFE0074344A
                                                    • Part of subcall function 00007FFE00743440: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE007839B1,?,?,?,?,00007FFE007478EA,?,?,?,00007FFE0074AC33,?,?,?), ref: 00007FFE00743490
                                                    • Part of subcall function 00007FFE007E3FF0: GetCurrentDirectoryW.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FFE007E4030
                                                  • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFE007E4397
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFE007E43A3
                                                  • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFE007E43E3
                                                  • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFE007E4432
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00000000), ref: 00007FFE007E443F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$FullNamePath$CurrentDirectory
                                                  • String ID: .$:
                                                  • API String ID: 3092725408-4202072812
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: NameName::$Name::doName::operator+Pchar
                                                  • String ID: `non-type-template-parameter
                                                  • API String ID: 3026640183-4247534891
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$AttrCallable_CheckErr_LookupObject_String
                                                  • String ID: restype must be a type, a callable, or None
                                                  • API String ID: 1528254987-4008198047
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$Arg_FormatNumber_OccurredSsize_tSubtypeTupleType_Unpack
                                                  • String ID: byref$byref() argument must be a ctypes instance, not '%s'
                                                  • API String ID: 3717719007-1446499295
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+=$Decorator::getNameName::operator+$Name::Name::operator=ScopeScoped
                                                  • String ID: void
                                                  • API String ID: 3176039966-3531332078
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: SubtypeType_$Err_FormatUnicode_strchr
                                                  • String ID: 'out' parameter %d must be a pointer type, not %s$PzZ
                                                  • API String ID: 3227297879-2360062653
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Long$Long_MaskUnsigned
                                                  • String ID: _ctypes/cfield.c pymem$unicode string or integer address expected instead of %s instance
                                                  • API String ID: 1805849926-901310697
                                                  • Opcode ID: 2ccd28ba18589efa0e64806d2f0cb936cf753f25fa42e4685e3b1daac323c193
                                                  • Instruction ID: 25e5dae262bcd289c62119bcd7525e3d763b103d04556dfdd665c809ca4e81c9
                                                  • Opcode Fuzzy Hash: 2ccd28ba18589efa0e64806d2f0cb936cf753f25fa42e4685e3b1daac323c193
                                                  • Instruction Fuzzy Hash: F921EA61E29F06C9EA549F17E8442BC2360BF68BB4F5444B5CA2E67375DE3CE4998308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: SubtypeType_$Err_FormatUnicode_strchr
                                                  • String ID: cast() argument 2 must be a pointer type, not %s$sPzUZXO
                                                  • API String ID: 3227297879-1038790478
                                                  • Opcode ID: 965fc26b6704ef5e374ef7ffa5f62dd4853d341b82561116f5d95d31500702b8
                                                  • Instruction ID: a4e5a240b5240cc9c8583a3a0a4ba3655961fbc8318c24d0b66b70e32bc89a78
                                                  • Opcode Fuzzy Hash: 965fc26b6704ef5e374ef7ffa5f62dd4853d341b82561116f5d95d31500702b8
                                                  • Instruction Fuzzy Hash: 10215CA5E09F06CDEF549B17D4402BC2360AF64FA4F5480B2D96E6A671EF2CE885C308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: DeallocErr_$CharFormatStringUnicode_Wide
                                                  • String ID: one character unicode string expected$unicode string expected instead of %s instance
                                                  • API String ID: 3624372013-2255738861
                                                  • Opcode ID: 78dfc2eb6af70e9ff56f0b870839ae75e7c80da9051f64390c1f4690cb9272f4
                                                  • Instruction ID: c6813b7f05122913ba20f4102943c4ed3646034dd4a4b64c3b4ebd25699321bb
                                                  • Opcode Fuzzy Hash: 78dfc2eb6af70e9ff56f0b870839ae75e7c80da9051f64390c1f4690cb9272f4
                                                  • Instruction Fuzzy Hash: E8111C75E18E46C8EB408F13E8441B86360FBA9BF4F5451B2D92E63776CE6DD489C308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Arg_CharErrorFreeFromLastLocalParseTupleUnicode_Wide
                                                  • String ID: <no description>$|i:FormatError
                                                  • API String ID: 935104296-1632374824
                                                  • Opcode ID: 76526e8ca7a5dbad8a9db4044e1930993c468c73b951a0b1ccb6cf4ff79fcccc
                                                  • Instruction ID: 580993fa3580f0c302d3c2e9599723b9453cef690ae3f36696c69c00ae94a31e
                                                  • Opcode Fuzzy Hash: 76526e8ca7a5dbad8a9db4044e1930993c468c73b951a0b1ccb6cf4ff79fcccc
                                                  • Instruction Fuzzy Hash: 04015E61F08E468AEB508B27A80417D67B1FFA47F0B1452B1D97EA33E5EF2CE4458604
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Eval_Thread$Arg_Err_FreeFromLibraryParseRestoreSaveTupleWindows
                                                  • String ID: O&:FreeLibrary
                                                  • API String ID: 204461231-2600264430
                                                  • Opcode ID: 75aac2151fbe6049cb3e9a760563f3d4315885d4bc3b29649270f1793fab5e9a
                                                  • Instruction ID: b7ebaf24439d4fc48ff9720fe12f3a4cbb9f2bc5b08f1cc3c80c85cbe6a4e773
                                                  • Opcode Fuzzy Hash: 75aac2151fbe6049cb3e9a760563f3d4315885d4bc3b29649270f1793fab5e9a
                                                  • Instruction Fuzzy Hash: C2010921F1CE43CAEB508B63A84417E2360ABA4BE0B5440B1DA6E63735DE3CE4858318
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: String$Size$AttrBuildBytes_Err_FromObject_Value_
                                                  • String ID: O(O(NN))$__dict__$ctypes objects containing pointers cannot be pickled
                                                  • API String ID: 1770468409-724424928
                                                  • Opcode ID: 88661b963aa2182533629a728d9d7687cb1de8a4424e8a81dc30ed468a425aa7
                                                  • Instruction ID: 628aad6c96de8a2048f416f62a7f1d0fc4a522fd658749c6f3514b7ae0e295bb
                                                  • Opcode Fuzzy Hash: 88661b963aa2182533629a728d9d7687cb1de8a4424e8a81dc30ed468a425aa7
                                                  • Instruction Fuzzy Hash: F1014825A08F42C9EB008B12E4540A86360FF68BE4F4845B1CE6D27376DF3CE045C308
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$FreeMem_
                                                  • String ID:
                                                  • API String ID: 2019857417-0
                                                  • Opcode ID: 374871c9eff3e112a1b206d9784e4eccbf1f957899ebfee0265df15c18715757
                                                  • Instruction ID: 5a22db7745267dcdae812cff381d9c9bf1edad0c153890703fd660deda021e77
                                                  • Opcode Fuzzy Hash: 374871c9eff3e112a1b206d9784e4eccbf1f957899ebfee0265df15c18715757
                                                  • Instruction Fuzzy Hash: DC314B32D0DE41C9EB548F23D8453BC2364FB64F78F1840B0C96E762798F2CA5458718
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CallDeallocErr_ObjectObject_StringSubtypeType_
                                                  • String ID: has no _stginfo_
                                                  • API String ID: 1588466501-2912685656
                                                  • Opcode ID: 5c1c4e8e87691ef5d94af4ab4c7f18db9f774f61d349d2447f707128ae63115f
                                                  • Instruction ID: 26f9acce47cc2ef5181ed89388eb631943a5ab08d01712005471b09080ee47a6
                                                  • Opcode Fuzzy Hash: 5c1c4e8e87691ef5d94af4ab4c7f18db9f774f61d349d2447f707128ae63115f
                                                  • Instruction Fuzzy Hash: C7B15C72A09F81C9EB648F66E4503BD27A0FB64BA4F044476DA6E6B760DF3CE495C304
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$AddressProcValue
                                                  • String ID: FlsGetValue$LCMapStringEx
                                                  • API String ID: 3663398396-552164261
                                                  • Opcode ID: 948fc83682bb285d1de66210e03cd83af409993909cd05a65e03d11a14740bb0
                                                  • Instruction ID: aed5083d19b97eb3cb52e6ac2af85102ab58146f93fbde9e85c1946d13b6738f
                                                  • Opcode Fuzzy Hash: 948fc83682bb285d1de66210e03cd83af409993909cd05a65e03d11a14740bb0
                                                  • Instruction Fuzzy Hash: D951BE21F0AB9682EA54BB19A80417A6395EF48BE4F4C4535DF5D47BBEDF3CE8468300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Name::doName::operator+Name::operator+=Pchar$NameName::Name::append
                                                  • String ID:
                                                  • API String ID: 3659116837-0
                                                  • Opcode ID: ba15799b0e7ceb7b55bd43d09b27d58f4f49837068a18498ec1ca158e5473965
                                                  • Instruction ID: c4e65189bf2b4e83d3fa47bfa68f1090755ce32ed8843ade173ed826b98b263f
                                                  • Opcode Fuzzy Hash: ba15799b0e7ceb7b55bd43d09b27d58f4f49837068a18498ec1ca158e5473965
                                                  • Instruction Fuzzy Hash: 73614572A0AB9689F712DB24E8807BC27A1BB55788F888031DB0E577AADF7DD441C701
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF685C0D29A,?,?,?,00007FF685C0CF8C,?,?,?,00007FF685C0CB89), ref: 00007FF685C0D06D
                                                  • GetLastError.KERNEL32(?,?,?,00007FF685C0D29A,?,?,?,00007FF685C0CF8C,?,?,?,00007FF685C0CB89), ref: 00007FF685C0D07B
                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF685C0D29A,?,?,?,00007FF685C0CF8C,?,?,?,00007FF685C0CB89), ref: 00007FF685C0D0A5
                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF685C0D29A,?,?,?,00007FF685C0CF8C,?,?,?,00007FF685C0CB89), ref: 00007FF685C0D113
                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF685C0D29A,?,?,?,00007FF685C0CF8C,?,?,?,00007FF685C0CB89), ref: 00007FF685C0D11F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                  • String ID: api-ms-
                                                  • API String ID: 2559590344-2084034818
                                                  • Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                  • Instruction ID: 6d83e63e22839bc5755171179addd13ca9b1801e979457d76344a033345a97c0
                                                  • Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                  • Instruction Fuzzy Hash: 71319467B1AA42C1EE119B16E40067663A4BF08FB8F99053EDD1D87384EF3CE846CB00
                                                  APIs
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE00742616
                                                  • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE0074265D
                                                    • Part of subcall function 00007FFE007426A0: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FFE00742690), ref: 00007FFE007426CC
                                                    • Part of subcall function 00007FFE007426A0: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00000000,00007FFE00742690), ref: 00007FFE007426E8
                                                  • TlsGetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE00782B3C
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0 ref: 00007FFE00782B52
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CriticalErrorLastSection$AddressEnterLeaveProcValue
                                                  • String ID: FlsGetValue$LCMapStringEx
                                                  • API String ID: 2861905401-552164261
                                                  • Opcode ID: 9d82342594002ce3bbd8b4bd2bb79a11808f388563f9c3ff704688b0f4c3bab2
                                                  • Instruction ID: 18832d947d4bd99e71fcea21b523994c0f0b4f7c62f9e3d46669a1e02482e3cc
                                                  • Opcode Fuzzy Hash: 9d82342594002ce3bbd8b4bd2bb79a11808f388563f9c3ff704688b0f4c3bab2
                                                  • Instruction Fuzzy Hash: 14315E76B0BB4286EA14AB28E8441B56395AF483A0F584235DB5D437FDEF3CE846C700
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: DeallocSubtypeType_$Dict_$CallErr_FormatFromItemLong_MakeObject_Unicode_Voidstrchr
                                                  • String ID:
                                                  • API String ID: 1416334960-0
                                                  • Opcode ID: ce3ac10905c1c6e7ba975258a2a35abd42496ba6533384bd7e976a6e54496548
                                                  • Instruction ID: 8aaba49587cd27fe51c24dbf773d5197e41cfe33f3fdae69d1214fbdc6925cd0
                                                  • Opcode Fuzzy Hash: ce3ac10905c1c6e7ba975258a2a35abd42496ba6533384bd7e976a6e54496548
                                                  • Instruction Fuzzy Hash: D8316F61E09F0689EE648B27A54017C63A1BF64FE0F1855B0DE2D6B7B6DF3CE4518308
                                                  APIs
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE00744A45), ref: 00007FFE00746058
                                                  • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE00744A45), ref: 00007FFE007460A8
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE00744A45), ref: 00007FFE00783356
                                                  • TlsGetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE00744A45), ref: 00007FFE007833B9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$AddressProcValue
                                                  • String ID: FlsGetValue$LCMapStringEx
                                                  • API String ID: 3663398396-552164261
                                                  • Opcode ID: 78ca7522fdfa8cbe323af7358c6e3b25300f47634eb04763555a5be60e670504
                                                  • Instruction ID: e3ed88ee038cfc160b06158598c162ca28fab6a184189a1fa075052d5c09fd2e
                                                  • Opcode Fuzzy Hash: 78ca7522fdfa8cbe323af7358c6e3b25300f47634eb04763555a5be60e670504
                                                  • Instruction Fuzzy Hash: 1331C121F1BB4282FA44AB59E8105B92391BF49BA0F485135EF1E43BBDEF2CF9458340
                                                  APIs
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE00780F8C,?,?,00000000,00007FFE007434C9,?,?,?,00007FFE007839B1), ref: 00007FFE00733978
                                                  • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE00780F8C,?,?,00000000,00007FFE007434C9,?,?,?,00007FFE007839B1), ref: 00007FFE007339C8
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE00780F8C,?,?,00000000,00007FFE007434C9,?,?,?,00007FFE007839B1), ref: 00007FFE0077C4F8
                                                  • TlsGetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE00780F8C,?,?,00000000,00007FFE007434C9,?,?,?,00007FFE007839B1), ref: 00007FFE0077C55B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$AddressProcValue
                                                  • String ID: FlsGetValue$LCMapStringEx
                                                  • API String ID: 3663398396-552164261
                                                  • Opcode ID: b3c3fa4fa481bad0b01e31c2ce2019b82ec713eee3a7a424c4296bf864c06ca5
                                                  • Instruction ID: 1cc340be474960ed73d3fe88c0a1ec2b83b3bf7b50444438eb0dbc3c92a463d1
                                                  • Opcode Fuzzy Hash: b3c3fa4fa481bad0b01e31c2ce2019b82ec713eee3a7a424c4296bf864c06ca5
                                                  • Instruction Fuzzy Hash: 6131C361F0BB8282FA06AB55A8105B52395BF4C7D4F185139EF1E437BDEE2CF9558340
                                                  APIs
                                                  • LoadLibraryExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE00746342,?,?,?,00007FFE007434B6,?,?,?,00007FFE007839B1), ref: 00007FFE0074C04A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID: api-ms-$ext-ms-
                                                  • API String ID: 1029625771-537541572
                                                  • Opcode ID: 6db79fdddd998107a66d735d21890402ca099e4a773b4f9534cfcd9fd7362131
                                                  • Instruction ID: bc96e561f2426ed275ae828befcc51b2a02cca38ecd06e520ffa9e6f8190e0ee
                                                  • Opcode Fuzzy Hash: 6db79fdddd998107a66d735d21890402ca099e4a773b4f9534cfcd9fd7362131
                                                  • Instruction Fuzzy Hash: D1214B22A1BB9681EE55EB2699441B82295FF49BE0F1D0635CF2E477F8EF3CE4518340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: SubtypeType_$Object_$Err_InstanceStringSubclass
                                                  • String ID: abstract class
                                                  • API String ID: 2446900705-1623945838
                                                  • Opcode ID: 58fe7ba39b1d69d5d5881ffd8c909ddb01b50921734a2230f2f5ab80e3e20ea5
                                                  • Instruction ID: b3be55730eba9dc01cf0f24164dde5c01c7ac223b06abc0236eff471fe449939
                                                  • Opcode Fuzzy Hash: 58fe7ba39b1d69d5d5881ffd8c909ddb01b50921734a2230f2f5ab80e3e20ea5
                                                  • Instruction Fuzzy Hash: 9A217F21F08E43C9EE149B17D85007D2361BF64FE4B4495B1D96E676B6DE2CE4468308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$FormatInstanceObject_StringSubtypeType_
                                                  • String ID: Pointer does not support item deletion$expected %s instead of %s
                                                  • API String ID: 1243598503-2046472288
                                                  • Opcode ID: 7e5abba99994391ff7d7e0f3205b13952e94d9d845f4bbb21d1d68935d99630f
                                                  • Instruction ID: d190ff1e5eca75fad70fbfdca033e249fc9b7d14aaf5e4ff243eeb2bc0e1575f
                                                  • Opcode Fuzzy Hash: 7e5abba99994391ff7d7e0f3205b13952e94d9d845f4bbb21d1d68935d99630f
                                                  • Instruction Fuzzy Hash: 3D213061A08E46C9EA449B27E4400BD6361FF69BB4B1446B2DD2E677B5DF2CD4868308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message$ErrorFormatLast
                                                  • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                  • API String ID: 3971115935-1149178304
                                                  • Opcode ID: 7223b30dd23a30c2aa7faf0092ff60e4697deebee1b944f1837b883079aee3ab
                                                  • Instruction ID: 23e50df21dd711c7de41580c37cab8dff6692b5e46089c5950cdc4988de714db
                                                  • Opcode Fuzzy Hash: 7223b30dd23a30c2aa7faf0092ff60e4697deebee1b944f1837b883079aee3ab
                                                  • Instruction Fuzzy Hash: DD211E73618A85C2E7209B11F4506DA6774FF88B98F40112EEA8D93A98DF7CDA46CF40
                                                  APIs
                                                  • PyDict_GetItemWithError.PYTHON38(?,?,00000000,00007FFE13308C52,?,?,?,?,?,?,?,00000000,?,00007FFE1330381F), ref: 00007FFE1330BC2D
                                                  • PyErr_Occurred.PYTHON38(?,?,00000000,00007FFE13308C52,?,?,?,?,?,?,?,00000000,?,00007FFE1330381F), ref: 00007FFE1330BC3C
                                                  • PyErr_Format.PYTHON38(?,?,00000000,00007FFE13308C52,?,?,?,?,?,?,?,00000000,?,00007FFE1330381F), ref: 00007FFE1330BC6D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$Dict_ErrorFormatItemOccurredWith
                                                  • String ID: not enough arguments$required argument '%S' missing
                                                  • API String ID: 62204369-3448764933
                                                  • Opcode ID: 67bdfaa597aee7b6c3e3d71308b9fb0a6ba40f0cfb4da4c07b98cbdf7840eb8d
                                                  • Instruction ID: 432956cd1e3fc0e7a43c946bcf0b99d839338ec84dd2370d431ee83bf8f8c8ac
                                                  • Opcode Fuzzy Hash: 67bdfaa597aee7b6c3e3d71308b9fb0a6ba40f0cfb4da4c07b98cbdf7840eb8d
                                                  • Instruction Fuzzy Hash: A6114F61A19E82C9EA58CF07E58017DA364EF64BE4B1885B1CA2E27775DF2CE4418308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CharErr_FormatUnicode_Wide
                                                  • String ID: string too long (%zd, maximum length %zd)$unicode string expected instead of %s instance
                                                  • API String ID: 2195588020-2061977717
                                                  • Opcode ID: 7ac85017326a6a3638da0ed184420ce377bd8bc92a60fdcc85f64a8ab54a6b3d
                                                  • Instruction ID: 2864506d01c423fe0785fee6e14032728e41497a2ac6cab84bdb27961afe7c39
                                                  • Opcode Fuzzy Hash: 7ac85017326a6a3638da0ed184420ce377bd8bc92a60fdcc85f64a8ab54a6b3d
                                                  • Instruction Fuzzy Hash: C9118E64B08F46C9EA40CB17E8101A96360BB58FF4F544271EE2E63BB5DF2CE4498304
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                  • String ID: CONOUT$
                                                  • API String ID: 3230265001-3130406586
                                                  • Opcode ID: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                  • Instruction ID: d19c22b4d1e13190396a859ad1b3f86c37d83d88f0dac814418d54f6b721db22
                                                  • Opcode Fuzzy Hash: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                  • Instruction Fuzzy Hash: 99113D22A18A46C6E7508B52E85432966B1BF98FF4F04523CEA5D877A4DF7CD804CB40
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C0821D
                                                  • K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C0827A
                                                    • Part of subcall function 00007FF685C086B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF685C03FA4,00000000,00007FF685C01925), ref: 00007FF685C086E9
                                                  • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C08305
                                                  • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C08364
                                                  • FreeLibrary.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C08375
                                                  • FreeLibrary.KERNEL32(?,00000000,?,00007FF685C039F2), ref: 00007FF685C0838A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                  • String ID:
                                                  • API String ID: 3462794448-0
                                                  • Opcode ID: c116373e2a09e68fc95a37a35a910f387ed59b49a7d0ab4690c2b7d3ff367989
                                                  • Instruction ID: d27bf0d777b8330601a37fca0957ff4bcdccadc619ef0697712821d52fb6076c
                                                  • Opcode Fuzzy Hash: c116373e2a09e68fc95a37a35a910f387ed59b49a7d0ab4690c2b7d3ff367989
                                                  • Instruction Fuzzy Hash: 854160A3A19682C1EA209B12E5402BA67B4FF85FA4F45513EDF9D97785DE3CE901CF00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$CallMethodObject_SizeTuple_
                                                  • String ID:
                                                  • API String ID: 3727994145-0
                                                  • Opcode ID: 1e5e15aa81331125b7812d0fc3e7b9a7c1acb37b23ce8f04c1f626aa117a153b
                                                  • Instruction ID: 225092080ebae195c3f9702dffe3721693f4a569a4b9887676d147376c594cf7
                                                  • Opcode Fuzzy Hash: 1e5e15aa81331125b7812d0fc3e7b9a7c1acb37b23ce8f04c1f626aa117a153b
                                                  • Instruction Fuzzy Hash: 02316D72D18E42CAEB598F26A94413D7BE0FB64BB4F044174DA6D22A74DF3CE491C708
                                                  APIs
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE00751C29
                                                  • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE00751C7B
                                                  • FreeLibraryAndExitThread.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0 ref: 00007FFE00751CBE
                                                  • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE00751CFF
                                                  • ExitThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE00751D07
                                                    • Part of subcall function 00007FFE00743A40: GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,00000000,00007FFE00743484,?,?,?,00007FFE007839B1,?,?,?,?,00007FFE007478EA,?,?,?), ref: 00007FFE00743AB9
                                                    • Part of subcall function 00007FFE00743A40: TlsGetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00007FFE00743484,?,?,?,00007FFE007839B1,?,?,?,?,00007FFE007478EA,?,?,?), ref: 00007FFE0077C59E
                                                  • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FFE0078730D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$ExitThread$AddressCloseFreeHandleLibraryProcValue
                                                  • String ID:
                                                  • API String ID: 1453037571-0
                                                  • Opcode ID: 9385413610f64a6426c2931e4861a13ac1805e78321b1171aa409faccdf45293
                                                  • Instruction ID: 2d49c3af6b0a961acc80dc64ba8fe8b7609c79fa0b249c393c96fed984899137
                                                  • Opcode Fuzzy Hash: 9385413610f64a6426c2931e4861a13ac1805e78321b1171aa409faccdf45293
                                                  • Instruction Fuzzy Hash: 33315C20F0F68242FA18B73095542B92259AF457B2F5C0738DB3E027FEDF6DA8458311
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A5E7
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A61D
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A64A
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A65B
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A66C
                                                  • SetLastError.KERNEL32(?,?,?,00007FF685C143FD,?,?,?,?,00007FF685C1979A,?,?,?,?,00007FF685C1649F), ref: 00007FF685C1A687
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Value$ErrorLast
                                                  • String ID:
                                                  • API String ID: 2506987500-0
                                                  • Opcode ID: 5dcac91248c0014d458aec840eea87d8b317a92cf5de5997ea3edf93bd94a031
                                                  • Instruction ID: 14166fc75cfea547a910b21a793e2a692315f1ae15d2e9db06a64e1c57c625d7
                                                  • Opcode Fuzzy Hash: 5dcac91248c0014d458aec840eea87d8b317a92cf5de5997ea3edf93bd94a031
                                                  • Instruction Fuzzy Hash: 92116D22E88642C2FA586B22DA5117965727F48FB0F44533DD83ECA6D6DE2CAC01CF41
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Name::operator+=$Replicator::operator+=
                                                  • String ID: ...
                                                  • API String ID: 3157425598-440645147
                                                  • Opcode ID: c9104c6670451f329dad148e6b4dc02d9787fc759a2c8db3b396c3d6320865ab
                                                  • Instruction ID: 38a2d8033eb28ddcbe3206096f2ac81162154a2f44bc31e8f764275dcf9212b9
                                                  • Opcode Fuzzy Hash: c9104c6670451f329dad148e6b4dc02d9787fc759a2c8db3b396c3d6320865ab
                                                  • Instruction Fuzzy Hash: E6517E62E0EB8A84FB16EB25D84477827A1BB95B84F5C8031CB4D467BECE7DE445C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Mem_$FreeMalloc
                                                  • String ID: %Id)$%Id,
                                                  • API String ID: 3308143561-2823328843
                                                  • Opcode ID: 68fba6c65291721555c8f7ebb26129123c55de953727d1d0e97554d30be647cc
                                                  • Instruction ID: abb9eda162a98818e0f456e2996c2d00e083f76421cc08e42d6bf7d07263edeb
                                                  • Opcode Fuzzy Hash: 68fba6c65291721555c8f7ebb26129123c55de953727d1d0e97554d30be647cc
                                                  • Instruction Fuzzy Hash: 1241E322A08B8588EF11CF16A4102BD6790FB65BE4F880171DE6DA77A1DF3DD046C314
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                  • String ID: Unhandled exception in script
                                                  • API String ID: 3081866767-2699770090
                                                  • Opcode ID: aa8fae7967b6237ed58108c0441fa719abaab4bc203e45b59d8227776e6be316
                                                  • Instruction ID: afb357a5291bbbb34abe69d56f0ac930d014b587d9716e2c89bb95c35054cf09
                                                  • Opcode Fuzzy Hash: aa8fae7967b6237ed58108c0441fa719abaab4bc203e45b59d8227776e6be316
                                                  • Instruction Fuzzy Hash: 74313C76A09682C9EB209F61E8552E96370FF89BA8F44113EEA4D8BB55DF3CD544CB00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_MallocMem_String
                                                  • String ID: abstract class
                                                  • API String ID: 3951516270-1623945838
                                                  • Opcode ID: 055b77e2e3b80189cc3298ea85d87d91dfed2776ab694d45947f6f6b826b42df
                                                  • Instruction ID: b841f2db330535455cb1eabb691e617c95ed8375b3e2433dff37b32fe4d9d415
                                                  • Opcode Fuzzy Hash: 055b77e2e3b80189cc3298ea85d87d91dfed2776ab694d45947f6f6b826b42df
                                                  • Instruction Fuzzy Hash: 9E214D32A09F02CAEB848F26E5442AC33E4FB58BA4F544574CA6D93765EF3DE464C344
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$Arg_FromLongLong_ParseTuple
                                                  • String ID: OO:CopyComPointer
                                                  • API String ID: 1908940310-822416302
                                                  • Opcode ID: 7e00673205eba28370de99c8282450b0b613e4871889fe95876d84c7ac623f1a
                                                  • Instruction ID: 6fda8215b47ad167012056f1d15b9003f5bf626d736a46713b0db3bf122441a9
                                                  • Opcode Fuzzy Hash: 7e00673205eba28370de99c8282450b0b613e4871889fe95876d84c7ac623f1a
                                                  • Instruction Fuzzy Hash: 07214132F08F428DEB558F7298501BC6760BB54BB8F4C55B5DA2D66A79CF3CE0458318
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
                                                  • API String ID: 1878133881-640379615
                                                  • Opcode ID: 185a5ded7e4d76afdc6dde510c40398ff569d270283616bd23a067f5071c39f1
                                                  • Instruction ID: a1b38a077daf4f05d353598450d1b4fee04690478131321f13db4b399003969a
                                                  • Opcode Fuzzy Hash: 185a5ded7e4d76afdc6dde510c40398ff569d270283616bd23a067f5071c39f1
                                                  • Instruction Fuzzy Hash: 89215EB3628A86C1E6209B10F4517EAA774FF84B98F40513EE68C83699DF7CDA45CF40
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AttrDict_Err_NextObject_String
                                                  • String ID: args not a tuple?$too many initializers
                                                  • API String ID: 3352738686-2791065560
                                                  • Opcode ID: 2ff835a78943e0d53156706c5d13c88222d5f76d37cafafde7b459920f154dc0
                                                  • Instruction ID: e68cc9dbe8716f4fbe3f7d3960efea89d4fcb6724ca037b54a8ffefbaa296498
                                                  • Opcode Fuzzy Hash: 2ff835a78943e0d53156706c5d13c88222d5f76d37cafafde7b459920f154dc0
                                                  • Instruction Fuzzy Hash: E9215C61A08F46C9EA108B16E4443BDA361FBA4BF4F1042B2E97D626F9CF7CD4498704
                                                  APIs
                                                  • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,00007FFE007CEEE8), ref: 00007FFE007CD621
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,00007FFE007CEEE8), ref: 00007FFE007CD62D
                                                    • Part of subcall function 00007FFE007CD700: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FFE007CD711
                                                  • CreateFileW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,?,00007FFE007CEEE8), ref: 00007FFE007CD65F
                                                  • WriteConsoleW.API-MS-WIN-CORE-CONSOLE-L1-1-0(?,?,?,?,?,?,?,?,00007FFE007CEEE8), ref: 00007FFE007CD680
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                  • String ID: CONOUT$
                                                  • API String ID: 3230265001-3130406586
                                                  • Opcode ID: e8436ed983646b7741b880c1e310600c66f6064bdfef0de261db91b68aa38882
                                                  • Instruction ID: 7cc25ebe5a2889135c21e5fba88fee5ef388a7c8bc8c8aac4749cb989ac46882
                                                  • Opcode Fuzzy Hash: e8436ed983646b7741b880c1e310600c66f6064bdfef0de261db91b68aa38882
                                                  • Instruction Fuzzy Hash: 50113976A1AA8683E7609F55E8447A973A0FB8CB99F184135DB4D4772CCF3CD854CB00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$Dict_Err_ItemUnraisableWrite
                                                  • String ID: on calling _ctypes.DictRemover
                                                  • API String ID: 2766432985-2232269487
                                                  • Opcode ID: 6e0ad491db063978f479133473ff4abaecb1d22476682f6d1dc9da04208c63ed
                                                  • Instruction ID: 5606883ac26cd5baabb513f0c04b07a148862013abe6cf2d9354a0cc2745039b
                                                  • Opcode Fuzzy Hash: 6e0ad491db063978f479133473ff4abaecb1d22476682f6d1dc9da04208c63ed
                                                  • Instruction Fuzzy Hash: 74018B61E1EE06C8FB198BA7D84837C2361AF74BB4F1805B0C92E125F0CF2DD4458208
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: FormatFromUnicode_$Dealloc
                                                  • String ID: %s(%R)$<%s object at %p>
                                                  • API String ID: 1714529502-296555854
                                                  • Opcode ID: 8da2c259c459dc00163e45fe031fe5c6f94d91e17c1133588364775a34608aa9
                                                  • Instruction ID: 49c3418b5dcfa9b781fd7c85a0cbe83500f3f3c158dd5fba57411d362159ba1a
                                                  • Opcode Fuzzy Hash: 8da2c259c459dc00163e45fe031fe5c6f94d91e17c1133588364775a34608aa9
                                                  • Instruction Fuzzy Hash: 270108A1A09E86C9DE049F27E4800BD6360FB68FE4B1851B1CE2D273B5DE7CD895C308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$LongLong_MaskOccurredStringSubtypeType_Unsigned
                                                  • String ID: int expected instead of float
                                                  • API String ID: 2539109060-2411840549
                                                  • Opcode ID: 4190966989bc7992be6b66f9c704924149e5ca780019c0be67c82ade6ce9eda0
                                                  • Instruction ID: 828fe3ffc7afb9da7aab96d9463f866d6c2ce4dc53abf7dfe19168160eda1737
                                                  • Opcode Fuzzy Hash: 4190966989bc7992be6b66f9c704924149e5ca780019c0be67c82ade6ce9eda0
                                                  • Instruction Fuzzy Hash: 1F016D25F0CE07C9EB148B27E8840796360BF69BF1B1486B0C97EE22B5DF2CE4458308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$LongLong_MaskOccurredStringSubtypeType_Unsigned
                                                  • String ID: int expected instead of float
                                                  • API String ID: 2539109060-2411840549
                                                  • Opcode ID: d580dedb6eb4beabc372b8108e2d76eacac62e2364c24e9b9c54f12f7d4f31b0
                                                  • Instruction ID: ce09e1b65d02376f1ef8fea99c36db393a95f1bab6beee03fddd5f5af6fe6562
                                                  • Opcode Fuzzy Hash: d580dedb6eb4beabc372b8108e2d76eacac62e2364c24e9b9c54f12f7d4f31b0
                                                  • Instruction Fuzzy Hash: 0D01FF21F08E46C9EA548B27E8940796360BF68BF4B1486B1DD3EE26B5DF2CE4458308
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_Long$Long_MaskOccurredStringSubtypeType_Unsigned
                                                  • String ID: int expected instead of float
                                                  • API String ID: 3681780221-2411840549
                                                  • Opcode ID: 5d8bac60d503e20a68a38e0428ffacd6868880521a5a232ada2c39c0a41308f1
                                                  • Instruction ID: b2c1ac4f9072aff185b8cc17e876ff6cdfeaebbd608b018f839748df8c462307
                                                  • Opcode Fuzzy Hash: 5d8bac60d503e20a68a38e0428ffacd6868880521a5a232ada2c39c0a41308f1
                                                  • Instruction Fuzzy Hash: 5D014F25F08E46C8EA148B27E8400796361BF68BF4B1853B4D93E926F5DE2CE4858208
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_Long$Long_MaskOccurredStringSubtypeType_Unsigned
                                                  • String ID: int expected instead of float
                                                  • API String ID: 3681780221-2411840549
                                                  • Opcode ID: 5481670f98ec182ff884156e168aac6c34ddbac41324025a937a719b641be7e4
                                                  • Instruction ID: a42490441bd15b6359761e9b3583dc0d9c655679f14a136db15547130cfcfe0a
                                                  • Opcode Fuzzy Hash: 5481670f98ec182ff884156e168aac6c34ddbac41324025a937a719b641be7e4
                                                  • Instruction Fuzzy Hash: 8D016221F08D42C9EA148B27F8440796361AF64FF4B1447B0D93E922F5DE2CE4558208
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_Format$memcpy
                                                  • String ID: bytes too long (%zd, maximum length %zd)$expected bytes, %s found
                                                  • API String ID: 437140070-1985973764
                                                  • Opcode ID: 10fea624f8b6b17753902bd7af56b3cf3030963c9f4ce13bdd61654d3b99bad9
                                                  • Instruction ID: fd85b298739a2024f28b3d630c59166b2672ab1cb6330da0769648cee78af9f0
                                                  • Opcode Fuzzy Hash: 10fea624f8b6b17753902bd7af56b3cf3030963c9f4ce13bdd61654d3b99bad9
                                                  • Instruction Fuzzy Hash: CA011E61E08E4AC9EA109B57D4802B86360AF75BB4F6053B2C93D732F5CE2CD09D8348
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  APIs
                                                  • GetCPInfo.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FFE0079ED0C
                                                  • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FFE0079EE2D
                                                  • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FFE0079EF43
                                                  • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FFE0079EFC9
                                                  • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FFE0079F097
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$Info
                                                  • String ID:
                                                  • API String ID: 1775632426-0
                                                  APIs
                                                  • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE00752509), ref: 00007FFE0075257A
                                                  • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE00752509), ref: 00007FFE007525A7
                                                  • GetFullPathNameW.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE00752509), ref: 00007FFE00787555
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE00752509), ref: 00007FFE00787562
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE00752509), ref: 00007FFE00787599
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: FullNamePath$ErrorLast
                                                  • String ID:
                                                  • API String ID: 457693415-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$Dict_FromItemSizeStringUnicode_
                                                  • String ID:
                                                  • API String ID: 1315862103-0
                                                  APIs
                                                    • Part of subcall function 00007FFE007518DC: GetModuleHandleExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE00751868), ref: 00007FFE00751920
                                                  • CreateThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE00754F8A
                                                  • ResumeThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE00754FA3
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE00788369
                                                  • CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FFE00788385
                                                  • FreeLibrary.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0 ref: 00007FFE00788394
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: HandleThread$CloseCreateErrorFreeLastLibraryModuleResume
                                                  • String ID:
                                                  • API String ID: 1364334503-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _set_statfp
                                                  • String ID:
                                                  • API String ID: 1156100317-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _set_statfp
                                                  • String ID:
                                                  • API String ID: 1156100317-0
                                                  APIs
                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF685C198B3,?,?,00000000,00007FF685C19B4E,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C1A6BF
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C198B3,?,?,00000000,00007FF685C19B4E,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C1A6DE
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C198B3,?,?,00000000,00007FF685C19B4E,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C1A706
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C198B3,?,?,00000000,00007FF685C19B4E,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C1A717
                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF685C198B3,?,?,00000000,00007FF685C19B4E,?,?,?,?,?,00007FF685C19ADA), ref: 00007FF685C1A728
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Value
                                                  • String ID:
                                                  • API String ID: 3702945584-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc
                                                  • String ID:
                                                  • API String ID: 3617616757-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ArgsCallFunctionObject_$DeallocDict_Err_ErrorItemOccurredWith
                                                  • String ID:
                                                  • API String ID: 3152022114-0
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: verbose
                                                  • API String ID: 3215553584-579935070
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                  • API String ID: 3215553584-1196891531
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                  • String ID: csm
                                                  • API String ID: 2395640692-1018135373
                                                  • Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                  • Instruction ID: 7c59c6be702d0ac148fdd5d7cee97cf6064654859f93bba144f23019a46460f0
                                                  • Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                  • Instruction Fuzzy Hash: D2516C73B19652CADB14DA15E444A79ABA1FF44FA8F50813EDA4987784DF7CEC41CB00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                  • String ID: csm$csm
                                                  • API String ID: 3896166516-3733052814
                                                  • Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                  • Instruction ID: c8327010e14520a20af4a23714ec19886dd85e83e04c0053dec17e7ccce5d52c
                                                  • Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                  • Instruction Fuzzy Hash: 175146B3A48646CAEA648E25E14427876B0FF54FA4F14513EDB5D87B95CF38E850CF01
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CallEncodePointerTranslator
                                                  • String ID: MOC$RCC
                                                  • API String ID: 3544855599-2084237596
                                                  • Opcode ID: c1bd0f280093dc077c2402edd2c21f20ddcaf15bcc9dc74a739a9fc2baeea3e9
                                                  • Instruction ID: 86c63ed553317ee9a5160b10077f6ccec7ca898af6453588e11e5e2c42ee1411
                                                  • Opcode Fuzzy Hash: c1bd0f280093dc077c2402edd2c21f20ddcaf15bcc9dc74a739a9fc2baeea3e9
                                                  • Instruction Fuzzy Hash: 0C616D73908B85C1D6619F15E4403AAB7B0FB85BA4F04522EEB9C83B95CF7CE590CB00
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE007540CC), ref: 00007FFE00738172
                                                  • LCMapStringW.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,?,?,?,?,?,?,00007FFE007540CC), ref: 00007FFE0077EB3E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressProcString
                                                  • String ID: IsValidLocaleName$LCMapStringEx
                                                  • API String ID: 3874510993-3130311144
                                                  • Opcode ID: cbc00fa42a12b1a8c4d9a865d6d9b3df3094b15a043788229a0d056418eaa084
                                                  • Instruction ID: 0165528e7d951ecb10f2c0629312f9104e4f0d1ba738f9b8e16c3ff382393d24
                                                  • Opcode Fuzzy Hash: cbc00fa42a12b1a8c4d9a865d6d9b3df3094b15a043788229a0d056418eaa084
                                                  • Instruction Fuzzy Hash: B741BF62B0AB8686FB649B15E8007A663D0BB48BD4F084235EF5D477ADEF3CE8058740
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0079F22F), ref: 00007FFE0079D638
                                                  • CompareStringW.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFE0079F22F), ref: 00007FFE0079D700
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressCompareProcString
                                                  • String ID: AppPolicyGetThreadInitializationType$CompareStringEx
                                                  • API String ID: 108076903-1200376162
                                                  • Opcode ID: 30d2520cc01e508eb23018c8aeae5952f2c3f42758c4307ec194bc7423b5993b
                                                  • Instruction ID: 5ccf135c448b93163bbde3cf824612cfbf7aa421b020ac9d179c90c55ff3377d
                                                  • Opcode Fuzzy Hash: 30d2520cc01e508eb23018c8aeae5952f2c3f42758c4307ec194bc7423b5993b
                                                  • Instruction Fuzzy Hash: 8731A232B0AA8186EB64DB25E8107A663E0FB58BE4F084135DF5D477ACEF3CE8458740
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,?,?,00007FFE007880CD,?,?,?,?,?,?,?,00000000), ref: 00007FFE0079D8A2
                                                  • GetDateFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(?,?,?,?,?,?,?,00007FFE007880CD,?,?,?,?,?,?,?,00000000), ref: 00007FFE0079D950
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressDateFormatProc
                                                  • String ID: GetDateFormatEx$RoInitialize
                                                  • API String ID: 2680382325-2816274727
                                                  • Opcode ID: 3cbcdcd87a5581ac5b4be722e370957f0920fc86bcbb390c1353a9f807368591
                                                  • Instruction ID: 1d9a2775310e032cf578c5dcd89121d69fe6c83b672ac4cfeb1c260b7f946fd6
                                                  • Opcode Fuzzy Hash: 3cbcdcd87a5581ac5b4be722e370957f0920fc86bcbb390c1353a9f807368591
                                                  • Instruction Fuzzy Hash: 44317E61B0AB4286FB14EB15E81066667E1BB48BD0F094235DF5D437BDEF3CE8018744
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,?,?,?,00007FFE00788170,?,?,?,?,?,?,?,00000000), ref: 00007FFE0079DBDE
                                                  • GetTimeFormatW.API-MS-WIN-CORE-DATETIME-L1-1-0(?,?,?,?,?,?,?,00007FFE00788170,?,?,?,?,?,?,?,00000000), ref: 00007FFE0079DC86
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressFormatProcTime
                                                  • String ID: GetTimeFormatEx$RoInitialize
                                                  • API String ID: 3572143191-3078538569
                                                  • Opcode ID: 50b84c3166a7a606b15ed9c35499d240a258922d1085a1f3b1407689fb808eb0
                                                  • Instruction ID: 9eb16ec8d4ac249a15056f271a91c982bfba866622dd42fbb4174c558d088cfc
                                                  • Opcode Fuzzy Hash: 50b84c3166a7a606b15ed9c35499d240a258922d1085a1f3b1407689fb808eb0
                                                  • Instruction Fuzzy Hash: 41318F62B0AB4286FB14EB16A81056667D1BB88BD4F494139DF5D477BCDF3CE801C704
                                                  APIs
                                                  • CreateDirectoryW.KERNEL32(00000000,?,00007FF685C0324C,?,?,00007FF685C03964), ref: 00007FF685C07642
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CreateDirectory
                                                  • String ID: %.*s$%s%c$\
                                                  • API String ID: 4241100979-1685191245
                                                  • Opcode ID: 1156698ca0d33aa8d2468b4f0fdefbfa17a3fd1640f2d1a941dba21d9585616c
                                                  • Instruction ID: acd13dfeec0afb1df0e61e8483318a249cbb9e1489a8f834a77b495c37459c11
                                                  • Opcode Fuzzy Hash: 1156698ca0d33aa8d2468b4f0fdefbfa17a3fd1640f2d1a941dba21d9585616c
                                                  • Instruction Fuzzy Hash: A931C9A2619AC5C5EA219B15E4107EA62B4FF54FF0F40423EEA6D837C5DE2CDA45CF00
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE007434B6,?,?,?,00007FFE007839B1,?,?,?,?,00007FFE007478EA,?,?,?), ref: 00007FFE00746355
                                                  • TlsSetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE007434B6,?,?,?,00007FFE007839B1,?,?,?,?,00007FFE007478EA,?,?,?), ref: 00007FFE0078347A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressProcValue
                                                  • String ID: FlsSetValue$LCMapStringEx
                                                  • API String ID: 1414840956-3586097892
                                                  • Opcode ID: e8f73a9f15f5acc4ace477647e8abd823f3b94cfbf3b3b9d69bf812f061f4f2f
                                                  • Instruction ID: f5fa2c684d8bf5181405c845b49ea9138069b7fb3770912b4daabc62a85f4fea
                                                  • Opcode Fuzzy Hash: e8f73a9f15f5acc4ace477647e8abd823f3b94cfbf3b3b9d69bf812f061f4f2f
                                                  • Instruction Fuzzy Hash: CF21D361B1FA8242FA09AB59AC105B56391AF49BE0F0C5139EF1E077FDEF2CE5458340
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE0074E1FB), ref: 00007FFE0074E2E0
                                                  • GetUserDefaultLCID.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,?,?,00007FFE0074E1FB), ref: 00007FFE0078605D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressDefaultProcUser
                                                  • String ID: GetUserDefaultLocaleName$IsValidLocaleName
                                                  • API String ID: 306211784-3812970866
                                                  • Opcode ID: 6de41d5f5313b39fdf11730a669525d9c1f1cd8a2f9373217a76878fdf8f655c
                                                  • Instruction ID: b1ce97d9289861bff430c51c9ab5871850df8e6f43a460617a48b831f248d366
                                                  • Opcode Fuzzy Hash: 6de41d5f5313b39fdf11730a669525d9c1f1cd8a2f9373217a76878fdf8f655c
                                                  • Instruction Fuzzy Hash: 8E21D161B0FA8282FA44AB55E8105B61395BF097E4F085136EF2D477FCEF2CE5458340
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE00746FE6), ref: 00007FFE0074769F
                                                  • TlsAlloc.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE00746FE6), ref: 00007FFE007476DF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressAllocProc
                                                  • String ID: FlsAlloc$LCMapStringEx
                                                  • API String ID: 2924745751-1958574131
                                                  • Opcode ID: 52871a79671c4f628470ebf279ca615ca428cd953d39a408f8540e4ea56dfa3a
                                                  • Instruction ID: e68e950becc4ab1b10d07280081d5b165be55f24b3df66839d5eb06711019648
                                                  • Opcode Fuzzy Hash: 52871a79671c4f628470ebf279ca615ca428cd953d39a408f8540e4ea56dfa3a
                                                  • Instruction Fuzzy Hash: 0521A161A1FA4242FA49AB59E8109B513A2AF087E4F195135EF2D477FCEF2CF545C700
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE0079D154,?,?,?,?,00007FFE0074709B), ref: 00007FFE0079D799
                                                  • TlsFree.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE0079D154,?,?,?,?,00007FFE0074709B), ref: 00007FFE0079D804
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeProc
                                                  • String ID: FlsFree$LCMapStringEx
                                                  • API String ID: 4110577592-1627765421
                                                  • Opcode ID: 08e3f97a92b361267e144c6ae74d5b496c91b98002f5abc4f9b2827e390f001c
                                                  • Instruction ID: 6c0003e00f9426e6e52bc6dcd0e0786dee767160115ed8aed43e70ab3f512ad3
                                                  • Opcode Fuzzy Hash: 08e3f97a92b361267e144c6ae74d5b496c91b98002f5abc4f9b2827e390f001c
                                                  • Instruction Fuzzy Hash: E521C261B1BA4242FE19A754E8209B523E1BF48794F085235EF1E077FCEF2CE9058340
                                                  APIs
                                                  • TlsSetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE007524DE,?,?,?,?,?,?,?,?,?,00007FFE00752379), ref: 00007FFE007832D3
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE007524DE,?,?,?,?,?,?,?,?,?,00007FFE00752379), ref: 00007FFE007832E9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressProcValue
                                                  • String ID: FlsSetValue$LCMapStringEx
                                                  • API String ID: 1414840956-3586097892
                                                  • Opcode ID: b6a1fe3d016932c687377a0b0bd6db3313e0398f0c172229d9a6fa604d345480
                                                  • Instruction ID: 7fb4e231e54900175cf923f9d51374dc9baef616440f4eba6743d17255c29734
                                                  • Opcode Fuzzy Hash: b6a1fe3d016932c687377a0b0bd6db3313e0398f0c172229d9a6fa604d345480
                                                  • Instruction Fuzzy Hash: ED215E65B1A74242FA04AB19E8106762392BF487B0F089635CB2E077FDDF3CF9468340
                                                  APIs
                                                  • TlsSetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE00751F4E,?,?,?,?,?,00007FFE00751F01), ref: 00007FFE00783232
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE00751F4E,?,?,?,?,?,00007FFE00751F01), ref: 00007FFE00783248
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressProcValue
                                                  • String ID: FlsSetValue$LCMapStringEx
                                                  • API String ID: 1414840956-3586097892
                                                  APIs
                                                  • PyErr_SetString.PYTHON38(?,?,?,00007FFE13308EB9,?,?,?,00007FFE13303B38), ref: 00007FFE1330AB43
                                                  • _Py_Dealloc.PYTHON38(?,?,?,00007FFE13308EB9,?,?,?,00007FFE13303B38), ref: 00007FFE1330ABC1
                                                  • memcpy.VCRUNTIME140(?,?,?,00007FFE13308EB9,?,?,?,00007FFE13303B38), ref: 00007FFE1330ABD4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: DeallocErr_Stringmemcpy
                                                  • String ID: abstract class
                                                  • API String ID: 4155950771-1623945838
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,00000000,00007FFE00743484,?,?,?,00007FFE007839B1,?,?,?,?,00007FFE007478EA,?,?,?), ref: 00007FFE00743AB9
                                                  • TlsGetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,00000000,00007FFE00743484,?,?,?,00007FFE007839B1,?,?,?,?,00007FFE007478EA,?,?,?), ref: 00007FFE0077C59E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressProcValue
                                                  • String ID: FlsGetValue$LCMapStringEx
                                                  • API String ID: 1414840956-552164261
                                                  APIs
                                                    • Part of subcall function 00007FFE133035A0: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE133035EB
                                                  • PyUnicode_FromStringAndSize.PYTHON38 ref: 00007FFE13302578
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: FromSizeStringUnicode___stdio_common_vsprintf
                                                  • String ID: :%x$ctypes object structure too deep
                                                  • API String ID: 1484205955-3091822184
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_FormatLongLong_SubtypeType_
                                                  • String ID: one character bytes, bytearray or integer expected
                                                  • API String ID: 1180759657-2748977362
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: Error$Error/warning (ANSI fallback)
                                                  • API String ID: 1878133881-653037927
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Message$ByteCharMultiWide
                                                  • String ID: Error/warning (ANSI fallback)$Warning
                                                  • API String ID: 1878133881-2698358428
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_StringSubtypeType_
                                                  • String ID: can't delete attribute$not a ctype instance
                                                  • API String ID: 468607378-2740123057
                                                  APIs
                                                  Strings
                                                  • bytes or integer address expected instead of %s instance, xrefs: 00007FFE13307033
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Long$Bytes_Err_FormatLong_MaskStringUnsigned
                                                  • String ID: bytes or integer address expected instead of %s instance
                                                  • API String ID: 1546367030-706233300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AuditErr_StringSys_
                                                  • String ID: abstract class$ctypes.cdata
                                                  • API String ID: 1384585920-3531133667
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_StringSubtypeType_
                                                  • String ID: expected CData instance
                                                  • API String ID: 468607378-1581534645
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: DeallocErr_String
                                                  • String ID: _type_ must be a type$_type_ must have storage info
                                                  • API String ID: 1259552197-214983684
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_LongLong_MaskStringUnicode_Unsigned
                                                  • String ID: function name must be string, bytes object or integer
                                                  • API String ID: 2115587880-3177123413
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_Long$Long_MaskOccurredStringUnsigned
                                                  • String ID: cannot be converted to pointer
                                                  • API String ID: 361506457-3065012988
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_File_ObjectPrintStringSys_Write__stdio_common_vsprintf
                                                  • String ID: stderr
                                                  • API String ID: 3428540488-1769798200
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Callable_CheckDeallocErr_String
                                                  • String ID: the errcheck attribute must be callable
                                                  • API String ID: 3907376375-3049503998
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_FromLong_Ssize_tStringSubtypeType_
                                                  • String ID: this type has no size
                                                  • API String ID: 878983749-982649334
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$Long_OccurredStringVoid
                                                  • String ID: integer expected
                                                  • API String ID: 1621529885-2140524511
                                                  APIs
                                                  Strings
                                                  • second item in _fields_ tuple (index %zd) must be a C type, xrefs: 00007FFE13307FB0
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: DeallocErr_FormatFreeMem_
                                                  • String ID: second item in _fields_ tuple (index %zd) must be a C type
                                                  • API String ID: 3237669406-2717732800
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast
                                                  • String ID:
                                                  • API String ID: 1452528299-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast
                                                  • String ID:
                                                  • API String ID: 1452528299-0
                                                  APIs
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000001,00007FFE007D60F5), ref: 00007FFE00743324
                                                  • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000001,00007FFE007D60F5), ref: 00007FFE00743373
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000001,00007FFE007D60F5), ref: 00007FFE00743389
                                                  • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000001,00007FFE007D60F5), ref: 00007FFE007433A1
                                                  • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000001,00007FFE007D60F5), ref: 00007FFE0074340A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast
                                                  • String ID:
                                                  • API String ID: 1452528299-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast
                                                  • String ID:
                                                  • API String ID: 1452528299-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast
                                                  • String ID:
                                                  • API String ID: 1452528299-0
                                                  APIs
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE00732468,?,?,00000000,?,00000000,00007FFE00732036), ref: 00007FFE007437AF
                                                  • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE00732468,?,?,00000000,?,00000000,00007FFE00732036), ref: 00007FFE007437FE
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE00732468,?,?,00000000,?,00000000,00007FFE00732036), ref: 00007FFE00743819
                                                  • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE00732468,?,?,00000000,?,00000000,00007FFE00732036), ref: 00007FFE00743831
                                                  • SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,00000000,00007FFE00732468,?,?,00000000,?,00000000,00007FFE00732036), ref: 00007FFE0074389D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast
                                                  • String ID:
                                                  • API String ID: 1452528299-0
                                                  APIs
                                                  • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074F0A6), ref: 00007FFE0074F2F0
                                                  • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074F0A6), ref: 00007FFE0074F346
                                                  • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074F0A6), ref: 00007FFE0074F3BC
                                                  • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074F0A6), ref: 00007FFE0074F3D2
                                                  • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,00007FFE0074F0A6), ref: 00007FFE0074F3EB
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$Enter$Leave
                                                  • String ID:
                                                  • API String ID: 2801635615-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                  • String ID:
                                                  • API String ID: 2718003287-0
                                                  APIs
                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF685C1C25B), ref: 00007FF685C1C38C
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF685C1C25B), ref: 00007FF685C1C417
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ConsoleErrorLastMode
                                                  • String ID:
                                                  • API String ID: 953036326-0
                                                  APIs
                                                    • Part of subcall function 00007FFE007518DC: GetModuleHandleExW.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE00751868), ref: 00007FFE00751920
                                                  • CreateThread.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FFE00751891
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FFE00787231
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CreateErrorHandleLastModuleThread
                                                  • String ID:
                                                  • API String ID: 182981130-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Mem_$DeallocFreeMallocmemcpy
                                                  • String ID:
                                                  • API String ID: 1346496523-0
                                                  • Opcode ID: cd1faa9cd6bc9fcf4481885c5218df6ea04b1359ee28e5919f622cf77473978f
                                                  • Instruction ID: cfe72bb30efd2a14b8409cbea217918777dbfb97052e7a3a33dc63dceb10b79d
                                                  • Opcode Fuzzy Hash: cd1faa9cd6bc9fcf4481885c5218df6ea04b1359ee28e5919f622cf77473978f
                                                  • Instruction Fuzzy Hash: BA218C62E09F4289EB599F13E85017D23A0FF68FE0B0445B4DA2D23B69DF3CE5918348
                                                  APIs
                                                  • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FFE007D3CC2,?,?,?,?,00007FFE00784EB5,?,?,?,00007FFE0074ADB6,?,?,?), ref: 00007FFE007D3B7A
                                                  • FlushFileBuffers.API-MS-WIN-CORE-FILE-L1-1-0(?,?,?,00007FFE007D3CC2,?,?,?,?,00007FFE00784EB5,?,?,?,00007FFE0074ADB6,?,?,?), ref: 00007FFE007D3BAB
                                                    • Part of subcall function 00007FFE0074F850: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE00747C74,?,?,?,00007FFE007478F7,?,?,?,00007FFE0074AC33,?,?,?,00007FFE0074ADB6), ref: 00007FFE0074F85A
                                                    • Part of subcall function 00007FFE0074F850: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE00747C74,?,?,?,00007FFE007478F7,?,?,?,00007FFE0074AC33,?,?,?,00007FFE0074ADB6), ref: 00007FFE0074F8A0
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FFE007D3CC2,?,?,?,?,00007FFE00784EB5,?,?,?,00007FFE0074ADB6,?,?,?), ref: 00007FFE007D3BBF
                                                  • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FFE007D3CC2,?,?,?,?,00007FFE00784EB5,?,?,?,00007FFE0074ADB6,?,?,?), ref: 00007FFE007D3BEE
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$CriticalSection$BuffersEnterFileFlushLeave
                                                  • String ID:
                                                  • API String ID: 1312186065-0
                                                  • Opcode ID: 4f2888ff7bbf60e021e831f350996abbc6d04b76299a57556fe12fb360717843
                                                  • Instruction ID: 5d8082b7fbac06c0461069602d2a7df99ef35d3da1cacf3cfd9d2bc7b3b25c20
                                                  • Opcode Fuzzy Hash: 4f2888ff7bbf60e021e831f350996abbc6d04b76299a57556fe12fb360717843
                                                  • Instruction Fuzzy Hash: 57218E72A26F8682DF10EF59E4941A96361FB98F84B484236DB4E47379DF3CD154C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: LongWindow$DialogInvalidateRect
                                                  • String ID:
                                                  • API String ID: 1956198572-0
                                                  • Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                  • Instruction ID: 179e332a52a6caf5f3244e7f9c71b0468eecc634d0f3ae9d25fe2b6e19dbbd57
                                                  • Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                  • Instruction Fuzzy Hash: 0B11AC72F08242C1FE549B59E54427A5671FF88FA4F44903EDA4947B99CE3DDCC1C900
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$CallDict_ItemMakeObject_ProxyWeakref_
                                                  • String ID:
                                                  • API String ID: 1512266493-0
                                                  • Opcode ID: ee14201d288885dab2d3b72eca7127d67ec00b39f4c2a441eb93ece7867c3194
                                                  • Instruction ID: 327f4de16ba552415dbb1b6a481c313d004c1d111311e606b5e90f213b320010
                                                  • Opcode Fuzzy Hash: ee14201d288885dab2d3b72eca7127d67ec00b39f4c2a441eb93ece7867c3194
                                                  • Instruction Fuzzy Hash: 3B114F35E08E82C9EB548F13A84017D63A4EB69BE4B184171DE6E277BACF3CE4418308
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$Descr_Dict_ItemString
                                                  • String ID:
                                                  • API String ID: 975051370-0
                                                  • Opcode ID: d8a4eaa814511476155a84e271f8be3e0b3fe2d8030b4c9334b05d05d5822cab
                                                  • Instruction ID: 093fc7d23eabf4e6a6d9baa038b56f068ca39611582b776b876dce34ac3aa214
                                                  • Opcode Fuzzy Hash: d8a4eaa814511476155a84e271f8be3e0b3fe2d8030b4c9334b05d05d5822cab
                                                  • Instruction Fuzzy Hash: 40117025E0EE4689EB548B13A54037D63A0EF69BE0F084170DE6D627B9EF7CD1918704
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                  • String ID:
                                                  • API String ID: 2933794660-0
                                                  • Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                  • Instruction ID: a7ade6f7977d42f5c191fc919a1100cef2232a2c08f27cd25615845b4c70735c
                                                  • Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                  • Instruction Fuzzy Hash: 08111C22B14B05CAEB008F60E9542A933B4FB59B68F441E39DA6D877A4DF78E554CB40
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Object_memset$Track
                                                  • String ID:
                                                  • API String ID: 225649448-0
                                                  • Opcode ID: a786a447b7de81fdd416b21125803142f81c2d228cba119be79dd88451351a2b
                                                  • Instruction ID: e019e7d22bfdd1c86686276649dbb2a14ea694cb0d1f2482c2a4006e708e8d4d
                                                  • Opcode Fuzzy Hash: a786a447b7de81fdd416b21125803142f81c2d228cba119be79dd88451351a2b
                                                  • Instruction Fuzzy Hash: A00180A3A24F4586EB14CF26D5443B82361FB68BA8F444274C61C1A6AADF3CD488C344
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Dealloc$Object_Track
                                                  • String ID:
                                                  • API String ID: 887704541-0
                                                  • Opcode ID: aa2aa10c337f1c5ce93df54a923721f9285695d3dbe56f63ba15867923e54c55
                                                  • Instruction ID: ad5d5c00c719296c41674e4005b107a28650ea6899511deda2e9493ac0a5b55c
                                                  • Opcode Fuzzy Hash: aa2aa10c337f1c5ce93df54a923721f9285695d3dbe56f63ba15867923e54c55
                                                  • Instruction Fuzzy Hash: 4101FF36E0AF02C8EF998F67A8541782364AF64F74F0801B4CAAD666718F6DA485C308
                                                  APIs
                                                    • Part of subcall function 00007FFE00742FE0: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE007A2851), ref: 00007FFE00742FEA
                                                    • Part of subcall function 00007FFE00742FE0: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFE007A2851), ref: 00007FFE00743030
                                                  • GetACP.API-MS-WIN-CORE-LOCALIZATION-L1-2-0(?,00000092,?,?,?,CCCCCCC338C48348,00007FFE0074013B), ref: 00007FFE0074CCC1
                                                  • IsValidCodePage.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 00007FFE0074CCDF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$CodePageValid
                                                  • String ID: utf8
                                                  • API String ID: 943130320-905460609
                                                  • Opcode ID: 077269e3ce0ea29f6dee95bf8b04cfeeb839662aa7eba8c435895ef23497d673
                                                  • Instruction ID: 5c325f2d5bd6c61e8d50956923e6b1c2d02f3bc99169b85ad3cde3dc09f5d2dd
                                                  • Opcode Fuzzy Hash: 077269e3ce0ea29f6dee95bf8b04cfeeb839662aa7eba8c435895ef23497d673
                                                  • Instruction Fuzzy Hash: D891AB22B0B68386EBA5BF21C4506BA22A4FF44B94F494031DF0D977A9EF3CE955C750
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _handle_error
                                                  • String ID: !$fmod
                                                  • API String ID: 1757819995-3213614193
                                                  • Opcode ID: a5046bec0b170f6f65a4cdd1cb73adc953bca75b89e3650b120db442c54fc02e
                                                  • Instruction ID: c703a92246ab2925a37896d4a1b12887d3236eef2ba7d460e1c971676533a3fc
                                                  • Opcode Fuzzy Hash: a5046bec0b170f6f65a4cdd1cb73adc953bca75b89e3650b120db442c54fc02e
                                                  • Instruction Fuzzy Hash: C551E411C2FBC189E633773190127F9A698AFA63C4F049332FA4E366BDDB6DA5434600
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                  • String ID: ?
                                                  • API String ID: 1286766494-1684325040
                                                  • Opcode ID: 30789dec6190b383a199f118b84c25ff7dc7ec79571e837530472d1d90a39620
                                                  • Instruction ID: 8cd4f75ca011771cb862106697be93b446b324c471b028bbf928cac16df0abb4
                                                  • Opcode Fuzzy Hash: 30789dec6190b383a199f118b84c25ff7dc7ec79571e837530472d1d90a39620
                                                  • Instruction Fuzzy Hash: 8141BF27A1878286FB249B25D48177AA670BF89FB4F10523DEA5C86AD5DE3CD841CB00
                                                  APIs
                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF685C1835E
                                                    • Part of subcall function 00007FF685C19C58: HeapFree.KERNEL32(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C6E
                                                    • Part of subcall function 00007FF685C19C58: GetLastError.KERNEL32(?,?,?,00007FF685C22032,?,?,?,00007FF685C2206F,?,?,00000000,00007FF685C22535,?,?,?,00007FF685C22467), ref: 00007FF685C19C78
                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF685C0BEC5), ref: 00007FF685C1837C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                  • String ID: C:\Users\user\Desktop\oKfMLwqaRZ.exe
                                                  • API String ID: 3580290477-4251394469
                                                  • Opcode ID: b12c586edd81a32e618353e8c6e47471c9321224668f8732ac6121a92b7f4d59
                                                  • Instruction ID: 2f778daf22e1b08d4ff3c9803d57bcf8c4c803931f7872e104dd04d22ca2d1aa
                                                  • Opcode Fuzzy Hash: b12c586edd81a32e618353e8c6e47471c9321224668f8732ac6121a92b7f4d59
                                                  • Instruction Fuzzy Hash: 5C416C37A48A52C5EB24DF26E4900BD26B5FF45FA0B55503DEA4E87B85DE3CE881CB00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                  • String ID: .$:
                                                  • API String ID: 2020911589-4202072812
                                                  • Opcode ID: 7a35d28534e01db8ffeaa6b4fa37230a72ad0a4b96bb2a626ac06d1e353ecb62
                                                  • Instruction ID: e57ff9c330d33dcbf23a0ce515174ee39578f4a79c368761566c2604cb4ba3c9
                                                  • Opcode Fuzzy Hash: 7a35d28534e01db8ffeaa6b4fa37230a72ad0a4b96bb2a626ac06d1e353ecb62
                                                  • Instruction Fuzzy Hash: B7414D23E48652D8FB11ABA1D8501BC26B4BF14B68F54013DDE4EA7A45EF389842CB50
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  • Associated: 00000001.00000002.1716657504.00007FF685C00000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716754129.00007FF685C2B000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C3E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716779444.00007FF685C43000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000001.00000002.1716866273.00007FF685C46000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastWrite
                                                  • String ID: U
                                                  • API String ID: 442123175-4171548499
                                                  • Opcode ID: 8a697203ccd77e4b09c13c65c1c26094ec0dd1f28ad5eedaecdf6916cad97550
                                                  • Instruction ID: 0e30967b9d5467c5804a013f9eab0cd87e76c95a525f999f8a8d70cca84567df
                                                  • Opcode Fuzzy Hash: 8a697203ccd77e4b09c13c65c1c26094ec0dd1f28ad5eedaecdf6916cad97550
                                                  • Instruction Fuzzy Hash: 6141A023A18A85C2DB20DF25E4447A96B74FF88BA4F804039EA4D87798DF3CD841CF00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastWrite
                                                  • String ID: U
                                                  • API String ID: 442123175-4171548499
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _handle_errorf
                                                  • String ID: "$powf
                                                  • API String ID: 2315412904-603753351
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,?,00000000,?,00007FFE00731718), ref: 00007FFE007317A3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressProc
                                                  • String ID: EnumSystemLocalesEx$IsValidLocaleName
                                                  • API String ID: 190572456-1098237698
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: EntryInterlockedListNamePush__un
                                                  • String ID:
                                                  • API String ID: 524438517-3916222277
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE0079D6DD,?,?,?,?,?,?,?,?,?,00007FFE0079F22F), ref: 00007FFE0079DF46
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressProc
                                                  • String ID: IsValidLocaleName$LocaleNameToLCID
                                                  • API String ID: 190572456-1205873579
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,00002000,00007FFE00749AB1,?,?,00000000,00007FFE007499F9,?,?,?,00007FFE00749768), ref: 00007FFE0074A963
                                                  • InitializeCriticalSectionAndSpinCount.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,00002000,00007FFE00749AB1,?,?,00000000,00007FFE007499F9,?,?,?,00007FFE00749768), ref: 00007FFE00784DCF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressCountCriticalInitializeProcSectionSpin
                                                  • String ID: InitializeCriticalSectionEx
                                                  • API String ID: 1498394645-3084827643
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressLocaleProcValid
                                                  • String ID: IsValidLocaleName
                                                  • API String ID: 2003423906-4210551052
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: CurrentDirectory
                                                  • String ID: :
                                                  • API String ID: 1611563598-336475711
                                                  APIs
                                                  • GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-1-0(?,?,?,00007FFE007400FD), ref: 00007FFE0075231B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: AddressProc
                                                  • String ID: AppPolicyGetThreadInitializationType$CompareStringEx
                                                  • API String ID: 190572456-1200376162
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _handle_error
                                                  • String ID: "$pow
                                                  • API String ID: 1757819995-713443511
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ff685c00000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFileHeaderRaise
                                                  • String ID: csm
                                                  • API String ID: 2573137834-1018135373
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_StringSubtypeType_
                                                  • String ID: not a ctype instance
                                                  • API String ID: 468607378-3181906287
                                                  APIs
                                                  • PyErr_SetString.PYTHON38 ref: 00007FFE1330A3ED
                                                    • Part of subcall function 00007FFE1330AD94: PyType_IsSubtype.PYTHON38(?,?,?,?,00007FFE13309799,?), ref: 00007FFE1330ADC4
                                                    • Part of subcall function 00007FFE1330AD94: PyErr_SetString.PYTHON38(?,?,?,?,00007FFE13309799,?), ref: 00007FFE1330ADDF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_String$SubtypeType_
                                                  • String ID: NULL pointer access$Pointer does not support item deletion
                                                  • API String ID: 3320257282-1262937747
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: _handle_error_raise_exc
                                                  • String ID: !$cos
                                                  • API String ID: 1935476177-1949035351
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_ItemSequence_String
                                                  • String ID: args not a tuple?
                                                  • API String ID: 138718260-274370407
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Err_StringSubtypeType_
                                                  • String ID: not a ctype instance
                                                  • API String ID: 468607378-3181906287
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Err_String
                                                  • String ID: Array does not support item deletion$invalid index
                                                  • API String ID: 1450464846-799983634
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1716678719.00007FF685C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF685C00000, based on PE: true
                                                  Similarity
                                                  • API ID: DriveType_invalid_parameter_noinfo
                                                  • String ID: :
                                                  • API String ID: 2595371189-336475711
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Similarity
                                                  • API ID: _handle_errorf_raise_excf
                                                  • String ID: !$cosf
                                                  • API String ID: 3848079588-2208875612
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Similarity
                                                  • API ID: _handle_error_raise_exc
                                                  • String ID: !$sin
                                                  • API String ID: 1935476177-1565623160
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Similarity
                                                  • API ID: _handle_errorf
                                                  • String ID: "$expf
                                                  • API String ID: 2315412904-303238936
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Similarity
                                                  • API ID: _handle_errorf_raise_excf
                                                  • String ID: !$tanf
                                                  • API String ID: 3848079588-3147098732
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Similarity
                                                  • API ID: _handle_errorf_raise_excf
                                                  • String ID: !$sinf
                                                  • API String ID: 3848079588-676365165
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Similarity
                                                  • API ID: _handle_error
                                                  • String ID: "$exp
                                                  • API String ID: 1757819995-2878093337
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Dict_Err_ItemString
                                                  • String ID: abstract class
                                                  • API String ID: 960913676-1623945838
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: AttrEqualGenericObject_StringUnicode_
                                                  • String ID: _fields_
                                                  • API String ID: 947992268-3196300388
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Dict_Err_ErrorItemOccurredWith
                                                  • String ID: getting _needs_com_addref_
                                                  • API String ID: 2359299079-4140119658
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Similarity
                                                  • API ID: _handle_error_raise_exc
                                                  • String ID: !$remainder
                                                  • API String ID: 1935476177-2737868549
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  Similarity
                                                  • API ID: Err_StringSubtypeType_
                                                  • String ID: invalid type
                                                  • API String ID: 468607378-446110543
                                                  APIs
                                                  • try_get_function.LIBVCRUNTIME ref: 00007FFE0077A071
                                                  • TlsSetValue.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0(?,?,?,00007FFE0077987D,?,?,?,?,00007FFE007796A1,?,?,?,?,00007FFE00747704), ref: 00007FFE0077A088
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  Similarity
                                                  • API ID: Valuetry_get_function
                                                  • String ID: FlsSetValue
                                                  • API String ID: 738293619-3750699315
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: PrintableUnicode_
                                                  • String ID: '$\
                                                  • API String ID: 1291510985-1366717710
                                                  • Opcode ID: e176d3102f8a3f5e50db41b58591142ae96478ea56b6add533f47ceba62d0724
                                                  • Instruction ID: 15f458c0153b4ddc74ac44ae70516c6b6a424e710385bea249e8e5fb9e76fdee
                                                  • Opcode Fuzzy Hash: e176d3102f8a3f5e50db41b58591142ae96478ea56b6add533f47ceba62d0724
                                                  • Instruction Fuzzy Hash: ADE02612F1DD018EFF600277B8053B912929FA8770F8C4071E57C022F0DC2CD882421C
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: FormatFromUnicode_
                                                  • String ID: <Field type=%s, ofs=%zd, size=%zd>$<Field type=%s, ofs=%zd:%zd, bits=%zd>
                                                  • API String ID: 3889672380-2914491812
                                                  • Opcode ID: 29b28214dc4daecb7cb1f49bf97f3c6bf41219dbad2afee38a78a522a064f5f8
                                                  • Instruction ID: e59986e0085a75220796202850f04b7de4bd82d8c59a170febe438855fa90e15
                                                  • Opcode Fuzzy Hash: 29b28214dc4daecb7cb1f49bf97f3c6bf41219dbad2afee38a78a522a064f5f8
                                                  • Instruction Fuzzy Hash: 11E09AA2F04E41C6DB148B0EE8004A97330FB60BA8BA201A6CE1C23331CF3CD0A3D748
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Err_$OccurredString
                                                  • String ID: PyObject is NULL
                                                  • API String ID: 114435612-3221357749
                                                  • Opcode ID: c3a842dcbd350af876c7cc5921dc1184f5b268ea4e277cc45085e60c13a99c40
                                                  • Instruction ID: 8984b0b1da7580b1f93c5d9b2a2c71c969336c75fdcd765d2ce73c11be884bff
                                                  • Opcode Fuzzy Hash: c3a842dcbd350af876c7cc5921dc1184f5b268ea4e277cc45085e60c13a99c40
                                                  • Instruction Fuzzy Hash: 45E0BF20F0AD03C9EE145B27E84017823A1BF6CBA5B5459B6C92DA6371EE2DE4058708
                                                  APIs
                                                  • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,00000000,00000000,?,?,00000000,00007FFE0073C9C1), ref: 00007FFE0073CBE6
                                                  • MultiByteToWideChar.API-MS-WIN-CORE-STRING-L1-1-0(?,?,?,?,00000000,00000000,?,?,00000000,00007FFE0073C9C1), ref: 00007FFE0073CC39
                                                  • GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,00000000,00000000,?,?,00000000,00007FFE0073C9C1), ref: 00007FFE007809E1
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717582886.00007FFE00731000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFE00730000, based on PE: true
                                                  • Associated: 00000001.00000002.1717562810.00007FFE00730000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717642241.00007FFE007E5000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717672774.00007FFE0081F000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.1717691284.00007FFE00822000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe00730000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$ErrorLast
                                                  • String ID:
                                                  • API String ID: 1717984340-0
                                                  • Opcode ID: d72928f14c07642b18a7873c648fbe44bf993ae18c83a1b561327d21b3e4d091
                                                  • Instruction ID: af383eb6c642e5080b9499de144a796a67da26428931a35fa6d5a578002e0706
                                                  • Opcode Fuzzy Hash: d72928f14c07642b18a7873c648fbe44bf993ae18c83a1b561327d21b3e4d091
                                                  • Instruction Fuzzy Hash: AFB12A61E0F28349FBB9BB24849117DA690EF44754F2C4236DB5E16BFCCE2CA4A08352
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Capsule_FreeMem_Pointer
                                                  • String ID: _ctypes pymem
                                                  • API String ID: 1268649101-201515578
                                                  • Opcode ID: 56aa39eb5979ff420b8f74c0b82c083b2a22dde05a45f10aad5266d7e5fd81f2
                                                  • Instruction ID: cef87e2099c8d9b2e2bf09b4661838918f18a8a33575f9b4ec9010da7f3b7a9f
                                                  • Opcode Fuzzy Hash: 56aa39eb5979ff420b8f74c0b82c083b2a22dde05a45f10aad5266d7e5fd81f2
                                                  • Instruction Fuzzy Hash: FAC08010F17E03C5FD185B439C4417413607F64B60F8404B4C01D15371DE2CE155C31C
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.1717735477.00007FFE13301000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                  • Associated: 00000001.00000002.1717715817.00007FFE13300000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717759055.00007FFE13311000.00000002.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717779001.00007FFE13318000.00000004.00000001.01000000.00000007.sdmp
                                                  • Associated: 00000001.00000002.1717796600.00007FFE1331C000.00000002.00000001.01000000.00000007.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_7ffe13300000_oKfMLwqaRZ.jbxd
                                                  Similarity
                                                  • API ID: Capsule_FreeMem_Pointer
                                                  • String ID: _ctypes/cfield.c pymem
                                                  • API String ID: 1268649101-2578739719
                                                  • Opcode ID: 09e8de93bb7fc27e010d1e423826d773f5fd79115a19586fecd86bd959678d95
                                                  • Instruction ID: 7c3f822417399852c6d50224917bb8e91d0ce3f70c7c0ba5ad04de166abb07be
                                                  • Opcode Fuzzy Hash: 09e8de93bb7fc27e010d1e423826d773f5fd79115a19586fecd86bd959678d95
                                                  • Instruction Fuzzy Hash: 7CC01260E26D03C5ED14AB47A84506413616F24B50F8404B4C41D21235DE2C61999308